Here I am trying to verify mobile number in user module. I have created token and I sent to user but whenever user is trying to verify using that particular token 'Password' and 'salt' automatically got changed. How to avoid this? Some one help me out .. here I want to update only
user.Mobileverification = 'verfied';
user.Mobileverificationcode = undefined;
user.mobileVerificationExpires = undefined;
Above three variables got changed but I don't know why password and salt has changed?
I have given my routes below:
app.route('/auth/mobilereset/:token').get(users.mobileresetResetToken);
app.route('/auth/mobilereset/:token').post(users.mobilereset);
controller:
exports.mobileresetResetToken = function(req, res) {
User.findOne({
Mobileverificationcode :req.params.token,
mobileVerificationExpires: {
$gt: Date.now()
}
// resetPasswordToken: req.params.token,
// resetPasswordExpires: {
// $gt: Date.now()
// }
}, function(err, user) {
if (!user) {
res.send({
message: 'Invalid token'
});
} else {
console.log('working fine');
}
});
};
exports.mobilereset = function(req, res, next) {
async.waterfall([
function(done) {
User.findOne({
Mobileverificationcode: req.params.token,
mobileVerificationExpires: {
$gt: Date.now()
}
}, function(err, user) {
if (!err && user) {
user.Mobileverification = 'verfied';
user.Mobileverificationcode = undefined;
user.mobileVerificationExpires = undefined;
user.save(function(err) {
if (err) {
return res.status(400).send({
message: errorHandler.getErrorMessage(err)
});
} else {
req.login(user, function(err) {
if (err) {
res.status(400).send(err);
} else {
// Return authenticated user
res.json(user);
done(err, user);
}
});
}
});
} else {
return res.status(400).send({
message: 'reset token is invalid or has expired.'
});
}
});
},
], function(err) {
if (err) return next(err);
});
};
model:
var UserSchema = new Schema({
username: {
type: String,
unique: 'testing error message',
required: 'Please fill in a username',
trim: true
},
password: {
type: String,
default: '',
// validate: [validateLocalStrategyPassword, 'Password should be longer']
},
email: {
type: String,
trim: true,
default: '',
// validate: [validateLocalStrategyProperty, 'Please fill in your email'],
// match: [/.+\#.+\..+/, 'Please fill a valid email address']
},
Mobilenumber: {
type: String,
default: ''
},
roles: {
type: [{
type: String,
enum: ['user', 'admin']
}],
default: ['user']
},
salt: {
type: String
},
provider: {
type: String,
required: 'Provider is required'
},
providerData: {},
additionalProvidersData: {},
updated: {
type: Date
},
created: {
type: Date,
default: Date.now
},
/* For reset password */
Mobileverificationcode: {
type: String,
},
mobileVerificationExpires: {
type: Date
},
Mobileverification: {
type: String,
trim: true,
default: 'Not Verified',
},
resetPasswordToken: {
type: String
},
resetPasswordExpires: {
type: Date
}
});
I don't know if you removed this or not but in MEAN.js user model, you have to be careful with the following code block:
/**
* Hook a pre save method to hash the password
*/
UserSchema.pre('save', function (next) {
if (this.password && this.isModified('password')) {
this.salt = crypto.randomBytes(16).toString('base64');
this.password = this.hashPassword(this.password);
}
next();
});
Which will be called right before you save the user data. That's probably why password and salt keep changing... You are calling user.save in mobile.reset() and that code block above is still present somewhere.
Update:
A possible way of doing it is:
/**
* Hook a pre save method to hash the password
*/
UserSchema.pre('save', function (next) {
if(!this.isModified('Mobileverification') && !this.isModified('Mobileverificationcode') && !this.isModified('mobileVerificationExpires')) {
if (this.password && this.isModified('password')) {
this.salt = crypto.randomBytes(16).toString('base64');
this.password = this.hashPassword(this.password);
}
}
next();
});
However it might need a few adjustments, such as improving this pre-save hook according to your needs and testing password changing and mobile verification to see if nothing is broken.
Related
I am working on an eCommerce application, and I am trying to save users in my database but when I hit the API in the postmen then instead of :
res.json({
name: user.name,
email: user.email,
id: user._id
});
});
**instead of this code following code is running
user.save((err, user) => {
if (err) {
return res.status(400).json({
err: "NOT able to save user in DB"
});
}
//the complete code of my "auth.js" file is as following:
const User = require("../models/user");
exports.signup = (req, res) => {
const user = new User(req.body);
user.save((err, user) => {
if (err) {
return res.status(400).json({
err: "NOT able to save user in DB"
});
}
res.json({
name: user.name,
email: user.email,
id: user._id
});
});
};
exports.signout = (req, res) => {
res.json({
message: "User signout"
});
};
///and the complete code of my user model file is as following:
var mongoose = require("mongoose");
const crypto = require("crypto");
const uuidv1 = require("uuid/v1");
var userSchema = new mongoose.Schema(
{
name: {
type: String,
required: true,
maxlength: 32,
trim: true
},
lastname: {
type: String,
maxlength: 32,
trim: true
},
email: {
type: String,
trim: true,
required: true,
unique: true
},
userinfo: {
type: String,
trim: true
},
encry_password: {
type: String,
required: true
},
salt: String,
role: {
type: Number,
default: 0
},
purchases: {
type: Array,
default: []
}
},
{ timestamps: true }
);
userSchema
.virtual("password")
.set(function(password) {
this._password = password;
this.salt = uuidv1();
this.encry_password = this.securePassword(password);
})
.get(function() {
return this._password;
});
userSchema.methods = {
autheticate: function(plainpassword) {
return this.securePassword(plainpassword) === this.encry_password;
},
securePassword: function(plainpassword) {
if (!plainpassword) return "";
try {
return crypto
.createHmac("sha256", this.salt)
.update(plainpassword)
.digest("hex");
} catch (err) {
return "";
}
}
};
module.exports = mongoose.model("User", userSchema);
SO please anyone tell me how to solve this problem while hiting this code to api mongo shell is also opend and mean while i also keep ROBO3T connected.
The GITHUB REPO i'm using code repository
I'm trying to reset the user password on redirecting the user to reset password page. On the 1st Singup I'm hashing the password and salt is generated and stored in database using CRYPTO. On reset password the new password is not getting updated it does not allow to signin using the updated password.
I tried using response.password which gives the updated password.Still couldn't figure out the solution.
Reset password :
exports.resetPassword = (req,res) => {
const {resetPasswordLink, newPassword } = req.body
if(resetPasswordLink){
jwt.verify(resetPasswordLink,process.env.JWT_RESET_PASSWORD, function(err,decoded){
if(err){
return res.status(401).json({
error : ' The Link has been expired ! , Try Again '
})
}
User.findOne({resetPasswordLink},(err,user)=>{
if(err || !user){
return res.status(401).json({
error: ' The Link has been expired ! , Try Again '
})
}
const updatedFields = {
password: newPassword,
resetPasswordLink: ''
}
user = _.extend(user,updatedFields)
user.save((err,result)=>{
if(err){
return res.status(400).json({
error: errorHandler(err)
})
}
return res.json({
message: ` Your Password Has Been Successfully Reset , Please Return to the SignIn Page to SignIn `
// result.password
})
})
})
})
}
}
UPDATE 4th August :
Here's the complete USER model
User Schema :
const mongoose = require('mongoose');
const crypto = require('crypto');
const userSchema = new mongoose.Schema(
{
username: {
type: String,
trim: true,
required: true,
max: 32,
unique: true,
index: true,
lowercase: true
},
name: {
type: String,
trim: true,
required: true,
max: 32
},
email: {
type: String,
trim: true,
required: true,
unique: true,
lowercase: true
},
profile: {
type: String,
required: true
},
hashed_password: {
type: String,
required: true
},
salt: String,
about: {
type: String
},
role: {
type: Number,
default: 0
},
photo: {
data: Buffer,
contentType: String
},
resetPasswordLink: {
data: String,
default: ''
}
},
{ timestamp: true }
);
userSchema
.virtual('password')
.set(function(password) {
// create a temporarity variable called _password
this._password = password;
// generate salt
this.salt = this.makeSalt();
// encryptPassword
this.hashed_password = this.encryptPassword(password);
})
.get(function() {
return this._password;
});
userSchema.methods = {
authenticate: function(plainText) {
return this.encryptPassword(plainText) === this.hashed_password;
},
encryptPassword: function(password) {
if (!password) return '';
try {
return crypto
.createHmac('sha1', this.salt)
.update(password)
.digest('hex');
} catch (err) {
return '';
}
},
makeSalt: function() {
return Math.round(new Date().valueOf() * Math.random()) + '';
}
};
module.exports = mongoose.model('User', userSchema);
problem is in your signin function where you have set expiry of 'jwt' and 'cookie' use { expiresIn: '1d' } instead of { expiresIn: '1' } because '1' means your jwt and cookie expires in 1 ms
const token = jwt.sign({ _id: user._id }, process.env.JWT_SECRET, { expiresIn: '1d' });
res.cookie('token', token, { expiresIn: '1d' });
i have a api with 2 models, Users and Books and i want to be able to do a favourite book list in the users model, how can it be done?
I think you could make a list of books within the users model but I do not really know how it should be done in mongo models or what the method would be like
There are my models:
User model
const schema = new Schema({
username: { type: String, unique: true, required: true },
hash: { type: String, required: true },
firstName: { type: String, required: true },
lastName: { type: String, required: true },
email: { type: String, required: false },
image: { type: String, required: false },
createdDate: { type: Date, default: Date.now }
});
Book model
const schema = new Schema({
BookTitulo: String,
BookSinopsis: String,
BookISBN: String,
BookPortada: String,
BookGenero: String,
BookAutor: String,
BookPaginas: Number,
BookPuntuacion: Number,
BookPrecio: Number,
updatedAt: { type: Date, default: Date.now },
});
And the user methods:
async function authenticate({ username, password }) {
const user = await User.findOne({ username });
if (user && bcrypt.compareSync(password, user.hash)) {
const { hash, ...userWithoutHash } = user.toObject();
const token = jwt.sign({ sub: user.id }, config.secret);
return {
...userWithoutHash,
token
};
}
}
async function getAll() {
return await User.find().select('-hash');
}
async function getById(id) {
return await User.findById(id).select('-hash');
}
async function create(userParam) {
// validate
if (await User.findOne({ username: userParam.username })) {
throw 'Username "' + userParam.username + '" is already taken';
}
const user = new User(userParam);
// hash password
if (userParam.password) {
user.hash = bcrypt.hashSync(userParam.password, 10);
}
// save user
await user.save();
}
async function update(id, userParam) {
const user = await User.findById(id);
// validate
if (!user) throw 'User not found';
if (user.username !== userParam.username && await User.findOne({ username: userParam.username })) {
throw 'Username "' + userParam.username + '" is already taken';
}
// hash password if it was entered
if (userParam.password) {
userParam.hash = bcrypt.hashSync(userParam.password, 10);
}
// copy userParam properties to user
Object.assign(user, userParam);
await user.save();
}
async function _delete(id) {
await User.findByIdAndRemove(id);
}
I have this signup method to save a user.
exports.signup = function(req, res) {
// Initialize the variables
var user = new User(req.body);
var message = null;
user.provider = 'local';
// save the user
user.save(function(err) {
if (err) {
console.log(err);
return res.status(400).send({
message: errorHandler.getErrorMessage(err)
});
} else {
req.login(user, function(err) {
if (err) {
res.status(400).send(err);
} else {
res.json(user);
}
});
}
});
};
Her is my Schema.
var UserSchema = new Schema({
name: {
type: String,
required: true
},
email: {
type: String,
index: true,
match: [/.+\#.+\..+/, "Please fill valid e-mail address"]
},
username: {
type: String,
trim: true,
unique: "Username should be unique",
required: true
},
password: {
type: String,
validate: [
function (password) {
return password && password.length > 6;
},
"Password should be greater than six letters"
]
},
salt: {
type: String
},
provider: {
type: String,
required: "Provider is required"
},
providerId: String,
providerData: {},
created: {
type: Date,
default: Date.now()
}
});
When I make a post request in an empty collection, the first is saved, but after that i am getting this error.
MongoError: Projection cannot have a mix of inclusion and exclusion.
at Function.MongoError.create (/home/sinnedde/WebstormProjects/mean-chatapp/node_modules/mongodb-core/lib/error.js:31:11)
at queryCallback (/home/sinnedde/WebstormProjects/mean-chatapp/node_modules/mongodb-core/lib/cursor.js:212:36)
at /home/sinnedde/WebstormProjects/mean-chatapp/node_modules/mongodb-core/lib/connection/pool.js:455:18
at _combinedTickCallback (internal/process/next_tick.js:67:7)
at process._tickCallback (internal/process/next_tick.js:98:9)
POST /signup 500 1445.231 ms - 615
Please help.
First req.body
{
"name":"John",
"email": "johndoe#gmail.com",
"username": "john123",
"password": "password"
}
Second req.body
{
"name":"Jane",
"email": "janedoe#gmail.com",
"username": "jane123",
"password": "password"
}
I have a problem with mongoose, when i use the method findByIdi receive error :
CastError: Cast to ObjectId failed for value "protected" at path "_id"
My _id is valid tested by mongoose.Types.ObjectId.isValid(_id);
I also tested to convert my string _id to ObjectId: mongoose.Types.ObjectId(_id) same error...
My Model is :
var UserSchema = new Schema({
_id: {type:ObjectIdSchema, default: function () { return new ObjectId()} },
email: { type: String, unique: true, required: true },
pseudonyme: { type: String, unique: true, required: true },
password: { type: String, required: true }})
I use node v6.7.0 and mongoose v4.6.5
Thks in advance for your help,
Full Code :
const jwtLogin = new JwtStrategy(jwtOptions, function(payload, done) {
//payload { _id: "58109f58e1bc7e3f28751cdb",email: "antoine.drian#laposte.net",exp: 1477494763,firstName: "antoine",iat: 1477484683,lastName: "drian"}
var isValid = mongoose.Types.ObjectId.isValid(payload._id);
if(!isValid) done(null, false);
var ObjectId = mongoose.Types.ObjectId;
var _id = ObjectId(payload._id);
User.findById( _id , function(err, user) {
if (err) { return done(err, false); }
if (user) {
done(null, user);
} else {
done(null, false);
}
});
});
models/User.js
var mongoose = require('mongoose');
var Schema = mongoose.Schema;
var ObjectIdSchema = Schema.ObjectId;
var ObjectId = mongoose.Types.ObjectId;
var bcrypt = require('bcrypt');
// set up a mongoose model
var UserSchema = new Schema({
// _id: {type: Schema.Types.ObjectId, auto: true},
email: { type: String, unique: true, required: true },
pseudonyme: { type: String, unique: true, required: true },
password: { type: String, required: true },
profile: {
firstName: { type: String, required: true },
lastName: { type: String, required: true },
birthdate: { type: Date },
gender: { type: String, enum: ['Male', 'Female'] },
}
}, {
timestamps: true
});
UserSchema.pre('save', function(next) {
var user = this;
if (this.isModified('password') || this.isNew) {
bcrypt.genSalt(10, function(err, salt) {
if (err) {
return next(err);
}
bcrypt.hash(user.password, salt, function(err, hash) {
if (err) {
return next(err);
}
user.password = hash;
next();
});
});
} else {
return next();
}
});
UserSchema.methods.comparePassword = function(passw, cb) {
bcrypt.compare(passw, this.password, function(err, isMatch) {
if (err) {
return cb(err);
}
cb(null, isMatch);
});
};
module.exports = mongoose.model('User', UserSchema);
I found the solution it was just a route conflict between two routes with ExpressJS.
There is no relation between the both.
Thks all people for your help
Try removing the _id from your schema.
var UserSchema = new Schema({
email: { type: String, unique: true, required: true },
pseudonyme: { type: String, unique: true, required: true },
password: { type: String, required: true }
});
Try using the playload_id directly without casting it like below
User.findById( payload._id , function(err, user) {
if (err) { return done(err, false); }
if (user) {
done(null, user);
} else {
done(null, false);
}
});
first don't define _id in your Schema, and change 'isValid', use this instead
var UserSchema = new Schema({
email: { type: String, unique: true, required: true },
pseudonyme: { type: String, unique: true, required: true },
password: { type: String, required: true }
})
and if is there an error keep it as first parameter EX : done(err) otherwise use null, EX: done(null, result)
const jwtLogin = new JwtStrategy(jwtOptions, function(payload, done) {
var _id = mongoose.mongo.ObjectId(payload._id);
User.find( {_id : _id} , function(err, user) {
if (err) { return done(err); }
if (user) {
done(null, user);
} else {
done(new Error('User not found!!!'));
}
});
});