Hashing password before update a user in mongoose
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
I create the user, hash his password and save on mongo. My problem begins when I try to update that user. For now, when I update the hash isn't generated, cause I really don't know how to do it.
The middleware to get the user that I'm talking about:
exports.userByID = function(req, res, next, id) {
User.findOne(
{
_id: id
},
function(err, user) {
if (err) {
return next(err);
} else {
req.user = user;
next();
}
}
);
};
The user controller, to update an user:
exports.update = async function(req, res, next) {
User.findByIdAndUpdate(req.user.id, req.body, function(err, user) {
if (err) {
return next(err);
} else {
res.json(user);
}
});
};
The pre 'save' on User's model:
UserSchema.pre("save", function(next) {
var user = this;
if (user.password) {
var md5 = crypto.createHash("md5");
user.password = md5.update(user.password).digest("hex");
console.log("Password após o save (hasheando):" + user.password);
}
next();
});
I'm using passport authentication ('local'). Already tried user.save()
on the controller update:
user.save();
res.json(user);
But, without success.
node.js mongodb mongoose passport.js
add a comment |
I create the user, hash his password and save on mongo. My problem begins when I try to update that user. For now, when I update the hash isn't generated, cause I really don't know how to do it.
The middleware to get the user that I'm talking about:
exports.userByID = function(req, res, next, id) {
User.findOne(
{
_id: id
},
function(err, user) {
if (err) {
return next(err);
} else {
req.user = user;
next();
}
}
);
};
The user controller, to update an user:
exports.update = async function(req, res, next) {
User.findByIdAndUpdate(req.user.id, req.body, function(err, user) {
if (err) {
return next(err);
} else {
res.json(user);
}
});
};
The pre 'save' on User's model:
UserSchema.pre("save", function(next) {
var user = this;
if (user.password) {
var md5 = crypto.createHash("md5");
user.password = md5.update(user.password).digest("hex");
console.log("Password após o save (hasheando):" + user.password);
}
next();
});
I'm using passport authentication ('local'). Already tried user.save()
on the controller update:
user.save();
res.json(user);
But, without success.
node.js mongodb mongoose passport.js
are you awaiting theuser.save()
?
– Sid
Jan 4 at 13:41
This may sound stupid, but are you sure that the value was not updated? Did you check in the database, or only the value returned viares.json()
in your controller? Also, is your pre('save') function being called at all?
– BenSower
Jan 4 at 14:14
Please don't use md5 for password hashing. It is far too easy to brute force. Try googling argon2 or just let a module handle the hashing
– Enslev
Jan 4 at 14:54
Thanks for the tips guys. I will use another hash
– Matheus Bernardi
Jan 4 at 15:35
add a comment |
I create the user, hash his password and save on mongo. My problem begins when I try to update that user. For now, when I update the hash isn't generated, cause I really don't know how to do it.
The middleware to get the user that I'm talking about:
exports.userByID = function(req, res, next, id) {
User.findOne(
{
_id: id
},
function(err, user) {
if (err) {
return next(err);
} else {
req.user = user;
next();
}
}
);
};
The user controller, to update an user:
exports.update = async function(req, res, next) {
User.findByIdAndUpdate(req.user.id, req.body, function(err, user) {
if (err) {
return next(err);
} else {
res.json(user);
}
});
};
The pre 'save' on User's model:
UserSchema.pre("save", function(next) {
var user = this;
if (user.password) {
var md5 = crypto.createHash("md5");
user.password = md5.update(user.password).digest("hex");
console.log("Password após o save (hasheando):" + user.password);
}
next();
});
I'm using passport authentication ('local'). Already tried user.save()
on the controller update:
user.save();
res.json(user);
But, without success.
node.js mongodb mongoose passport.js
I create the user, hash his password and save on mongo. My problem begins when I try to update that user. For now, when I update the hash isn't generated, cause I really don't know how to do it.
The middleware to get the user that I'm talking about:
exports.userByID = function(req, res, next, id) {
User.findOne(
{
_id: id
},
function(err, user) {
if (err) {
return next(err);
} else {
req.user = user;
next();
}
}
);
};
The user controller, to update an user:
exports.update = async function(req, res, next) {
User.findByIdAndUpdate(req.user.id, req.body, function(err, user) {
if (err) {
return next(err);
} else {
res.json(user);
}
});
};
The pre 'save' on User's model:
UserSchema.pre("save", function(next) {
var user = this;
if (user.password) {
var md5 = crypto.createHash("md5");
user.password = md5.update(user.password).digest("hex");
console.log("Password após o save (hasheando):" + user.password);
}
next();
});
I'm using passport authentication ('local'). Already tried user.save()
on the controller update:
user.save();
res.json(user);
But, without success.
node.js mongodb mongoose passport.js
node.js mongodb mongoose passport.js
edited Jan 21 at 21:40
Ask Question Wizard
1541211
1541211
asked Jan 4 at 13:25
Matheus BernardiMatheus Bernardi
668
668
are you awaiting theuser.save()
?
– Sid
Jan 4 at 13:41
This may sound stupid, but are you sure that the value was not updated? Did you check in the database, or only the value returned viares.json()
in your controller? Also, is your pre('save') function being called at all?
– BenSower
Jan 4 at 14:14
Please don't use md5 for password hashing. It is far too easy to brute force. Try googling argon2 or just let a module handle the hashing
– Enslev
Jan 4 at 14:54
Thanks for the tips guys. I will use another hash
– Matheus Bernardi
Jan 4 at 15:35
add a comment |
are you awaiting theuser.save()
?
– Sid
Jan 4 at 13:41
This may sound stupid, but are you sure that the value was not updated? Did you check in the database, or only the value returned viares.json()
in your controller? Also, is your pre('save') function being called at all?
– BenSower
Jan 4 at 14:14
Please don't use md5 for password hashing. It is far too easy to brute force. Try googling argon2 or just let a module handle the hashing
– Enslev
Jan 4 at 14:54
Thanks for the tips guys. I will use another hash
– Matheus Bernardi
Jan 4 at 15:35
are you awaiting the
user.save()
?– Sid
Jan 4 at 13:41
are you awaiting the
user.save()
?– Sid
Jan 4 at 13:41
This may sound stupid, but are you sure that the value was not updated? Did you check in the database, or only the value returned via
res.json()
in your controller? Also, is your pre('save') function being called at all?– BenSower
Jan 4 at 14:14
This may sound stupid, but are you sure that the value was not updated? Did you check in the database, or only the value returned via
res.json()
in your controller? Also, is your pre('save') function being called at all?– BenSower
Jan 4 at 14:14
Please don't use md5 for password hashing. It is far too easy to brute force. Try googling argon2 or just let a module handle the hashing
– Enslev
Jan 4 at 14:54
Please don't use md5 for password hashing. It is far too easy to brute force. Try googling argon2 or just let a module handle the hashing
– Enslev
Jan 4 at 14:54
Thanks for the tips guys. I will use another hash
– Matheus Bernardi
Jan 4 at 15:35
Thanks for the tips guys. I will use another hash
– Matheus Bernardi
Jan 4 at 15:35
add a comment |
1 Answer
1
active
oldest
votes
This is may be because you are not storing the new_password
in the mongo.
In update controller
you have to do like this:
User.findByIdAndUpdate(req.user.id, req.body, function (err, user) {
if (err) {
return next(err);
} else {
user.password = req.body.new_password;
user.save(function (err, user) {
if (err) {
res.send("Error: ", err);
} else {
res.send("password updated successfully!");
}
})
}
});
Works like a charm! Thank you
– Matheus Bernardi
Jan 4 at 15:34
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54039821%2fhashing-password-before-update-a-user-in-mongoose%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
This is may be because you are not storing the new_password
in the mongo.
In update controller
you have to do like this:
User.findByIdAndUpdate(req.user.id, req.body, function (err, user) {
if (err) {
return next(err);
} else {
user.password = req.body.new_password;
user.save(function (err, user) {
if (err) {
res.send("Error: ", err);
} else {
res.send("password updated successfully!");
}
})
}
});
Works like a charm! Thank you
– Matheus Bernardi
Jan 4 at 15:34
add a comment |
This is may be because you are not storing the new_password
in the mongo.
In update controller
you have to do like this:
User.findByIdAndUpdate(req.user.id, req.body, function (err, user) {
if (err) {
return next(err);
} else {
user.password = req.body.new_password;
user.save(function (err, user) {
if (err) {
res.send("Error: ", err);
} else {
res.send("password updated successfully!");
}
})
}
});
Works like a charm! Thank you
– Matheus Bernardi
Jan 4 at 15:34
add a comment |
This is may be because you are not storing the new_password
in the mongo.
In update controller
you have to do like this:
User.findByIdAndUpdate(req.user.id, req.body, function (err, user) {
if (err) {
return next(err);
} else {
user.password = req.body.new_password;
user.save(function (err, user) {
if (err) {
res.send("Error: ", err);
} else {
res.send("password updated successfully!");
}
})
}
});
This is may be because you are not storing the new_password
in the mongo.
In update controller
you have to do like this:
User.findByIdAndUpdate(req.user.id, req.body, function (err, user) {
if (err) {
return next(err);
} else {
user.password = req.body.new_password;
user.save(function (err, user) {
if (err) {
res.send("Error: ", err);
} else {
res.send("password updated successfully!");
}
})
}
});
answered Jan 4 at 14:27
Nilay PatelNilay Patel
604
604
Works like a charm! Thank you
– Matheus Bernardi
Jan 4 at 15:34
add a comment |
Works like a charm! Thank you
– Matheus Bernardi
Jan 4 at 15:34
Works like a charm! Thank you
– Matheus Bernardi
Jan 4 at 15:34
Works like a charm! Thank you
– Matheus Bernardi
Jan 4 at 15:34
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54039821%2fhashing-password-before-update-a-user-in-mongoose%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
are you awaiting the
user.save()
?– Sid
Jan 4 at 13:41
This may sound stupid, but are you sure that the value was not updated? Did you check in the database, or only the value returned via
res.json()
in your controller? Also, is your pre('save') function being called at all?– BenSower
Jan 4 at 14:14
Please don't use md5 for password hashing. It is far too easy to brute force. Try googling argon2 or just let a module handle the hashing
– Enslev
Jan 4 at 14:54
Thanks for the tips guys. I will use another hash
– Matheus Bernardi
Jan 4 at 15:35