Hashing password before update a user in mongoose





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















I create the user, hash his password and save on mongo. My problem begins when I try to update that user. For now, when I update the hash isn't generated, cause I really don't know how to do it.



The middleware to get the user that I'm talking about:



exports.userByID = function(req, res, next, id) {
User.findOne(
{
_id: id
},
function(err, user) {
if (err) {
return next(err);
} else {
req.user = user;
next();
}
}
);
};


The user controller, to update an user:



exports.update = async function(req, res, next) {

User.findByIdAndUpdate(req.user.id, req.body, function(err, user) {
if (err) {
return next(err);
} else {
res.json(user);
}
});
};


The pre 'save' on User's model:



UserSchema.pre("save", function(next) {

var user = this;

if (user.password) {

var md5 = crypto.createHash("md5");
user.password = md5.update(user.password).digest("hex");
console.log("Password após o save (hasheando):" + user.password);
}

next();
});


I'm using passport authentication ('local'). Already tried user.save() on the controller update:



user.save();
res.json(user);


But, without success.










share|improve this question

























  • are you awaiting the user.save()?

    – Sid
    Jan 4 at 13:41











  • This may sound stupid, but are you sure that the value was not updated? Did you check in the database, or only the value returned via res.json() in your controller? Also, is your pre('save') function being called at all?

    – BenSower
    Jan 4 at 14:14











  • Please don't use md5 for password hashing. It is far too easy to brute force. Try googling argon2 or just let a module handle the hashing

    – Enslev
    Jan 4 at 14:54











  • Thanks for the tips guys. I will use another hash

    – Matheus Bernardi
    Jan 4 at 15:35


















0















I create the user, hash his password and save on mongo. My problem begins when I try to update that user. For now, when I update the hash isn't generated, cause I really don't know how to do it.



The middleware to get the user that I'm talking about:



exports.userByID = function(req, res, next, id) {
User.findOne(
{
_id: id
},
function(err, user) {
if (err) {
return next(err);
} else {
req.user = user;
next();
}
}
);
};


The user controller, to update an user:



exports.update = async function(req, res, next) {

User.findByIdAndUpdate(req.user.id, req.body, function(err, user) {
if (err) {
return next(err);
} else {
res.json(user);
}
});
};


The pre 'save' on User's model:



UserSchema.pre("save", function(next) {

var user = this;

if (user.password) {

var md5 = crypto.createHash("md5");
user.password = md5.update(user.password).digest("hex");
console.log("Password após o save (hasheando):" + user.password);
}

next();
});


I'm using passport authentication ('local'). Already tried user.save() on the controller update:



user.save();
res.json(user);


But, without success.










share|improve this question

























  • are you awaiting the user.save()?

    – Sid
    Jan 4 at 13:41











  • This may sound stupid, but are you sure that the value was not updated? Did you check in the database, or only the value returned via res.json() in your controller? Also, is your pre('save') function being called at all?

    – BenSower
    Jan 4 at 14:14











  • Please don't use md5 for password hashing. It is far too easy to brute force. Try googling argon2 or just let a module handle the hashing

    – Enslev
    Jan 4 at 14:54











  • Thanks for the tips guys. I will use another hash

    – Matheus Bernardi
    Jan 4 at 15:35














0












0








0








I create the user, hash his password and save on mongo. My problem begins when I try to update that user. For now, when I update the hash isn't generated, cause I really don't know how to do it.



The middleware to get the user that I'm talking about:



exports.userByID = function(req, res, next, id) {
User.findOne(
{
_id: id
},
function(err, user) {
if (err) {
return next(err);
} else {
req.user = user;
next();
}
}
);
};


The user controller, to update an user:



exports.update = async function(req, res, next) {

User.findByIdAndUpdate(req.user.id, req.body, function(err, user) {
if (err) {
return next(err);
} else {
res.json(user);
}
});
};


The pre 'save' on User's model:



UserSchema.pre("save", function(next) {

var user = this;

if (user.password) {

var md5 = crypto.createHash("md5");
user.password = md5.update(user.password).digest("hex");
console.log("Password após o save (hasheando):" + user.password);
}

next();
});


I'm using passport authentication ('local'). Already tried user.save() on the controller update:



user.save();
res.json(user);


But, without success.










share|improve this question
















I create the user, hash his password and save on mongo. My problem begins when I try to update that user. For now, when I update the hash isn't generated, cause I really don't know how to do it.



The middleware to get the user that I'm talking about:



exports.userByID = function(req, res, next, id) {
User.findOne(
{
_id: id
},
function(err, user) {
if (err) {
return next(err);
} else {
req.user = user;
next();
}
}
);
};


The user controller, to update an user:



exports.update = async function(req, res, next) {

User.findByIdAndUpdate(req.user.id, req.body, function(err, user) {
if (err) {
return next(err);
} else {
res.json(user);
}
});
};


The pre 'save' on User's model:



UserSchema.pre("save", function(next) {

var user = this;

if (user.password) {

var md5 = crypto.createHash("md5");
user.password = md5.update(user.password).digest("hex");
console.log("Password após o save (hasheando):" + user.password);
}

next();
});


I'm using passport authentication ('local'). Already tried user.save() on the controller update:



user.save();
res.json(user);


But, without success.







node.js mongodb mongoose passport.js






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 21 at 21:40









Ask Question Wizard

1541211




1541211










asked Jan 4 at 13:25









Matheus BernardiMatheus Bernardi

668




668













  • are you awaiting the user.save()?

    – Sid
    Jan 4 at 13:41











  • This may sound stupid, but are you sure that the value was not updated? Did you check in the database, or only the value returned via res.json() in your controller? Also, is your pre('save') function being called at all?

    – BenSower
    Jan 4 at 14:14











  • Please don't use md5 for password hashing. It is far too easy to brute force. Try googling argon2 or just let a module handle the hashing

    – Enslev
    Jan 4 at 14:54











  • Thanks for the tips guys. I will use another hash

    – Matheus Bernardi
    Jan 4 at 15:35



















  • are you awaiting the user.save()?

    – Sid
    Jan 4 at 13:41











  • This may sound stupid, but are you sure that the value was not updated? Did you check in the database, or only the value returned via res.json() in your controller? Also, is your pre('save') function being called at all?

    – BenSower
    Jan 4 at 14:14











  • Please don't use md5 for password hashing. It is far too easy to brute force. Try googling argon2 or just let a module handle the hashing

    – Enslev
    Jan 4 at 14:54











  • Thanks for the tips guys. I will use another hash

    – Matheus Bernardi
    Jan 4 at 15:35

















are you awaiting the user.save()?

– Sid
Jan 4 at 13:41





are you awaiting the user.save()?

– Sid
Jan 4 at 13:41













This may sound stupid, but are you sure that the value was not updated? Did you check in the database, or only the value returned via res.json() in your controller? Also, is your pre('save') function being called at all?

– BenSower
Jan 4 at 14:14





This may sound stupid, but are you sure that the value was not updated? Did you check in the database, or only the value returned via res.json() in your controller? Also, is your pre('save') function being called at all?

– BenSower
Jan 4 at 14:14













Please don't use md5 for password hashing. It is far too easy to brute force. Try googling argon2 or just let a module handle the hashing

– Enslev
Jan 4 at 14:54





Please don't use md5 for password hashing. It is far too easy to brute force. Try googling argon2 or just let a module handle the hashing

– Enslev
Jan 4 at 14:54













Thanks for the tips guys. I will use another hash

– Matheus Bernardi
Jan 4 at 15:35





Thanks for the tips guys. I will use another hash

– Matheus Bernardi
Jan 4 at 15:35












1 Answer
1






active

oldest

votes


















1














This is may be because you are not storing the new_password in the mongo.



In update controller you have to do like this:



User.findByIdAndUpdate(req.user.id, req.body, function (err, user) {
if (err) {
return next(err);
} else {
user.password = req.body.new_password;
user.save(function (err, user) {
if (err) {
res.send("Error: ", err);
} else {
res.send("password updated successfully!");
}
})
}
});





share|improve this answer
























  • Works like a charm! Thank you

    – Matheus Bernardi
    Jan 4 at 15:34












Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54039821%2fhashing-password-before-update-a-user-in-mongoose%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









1














This is may be because you are not storing the new_password in the mongo.



In update controller you have to do like this:



User.findByIdAndUpdate(req.user.id, req.body, function (err, user) {
if (err) {
return next(err);
} else {
user.password = req.body.new_password;
user.save(function (err, user) {
if (err) {
res.send("Error: ", err);
} else {
res.send("password updated successfully!");
}
})
}
});





share|improve this answer
























  • Works like a charm! Thank you

    – Matheus Bernardi
    Jan 4 at 15:34
















1














This is may be because you are not storing the new_password in the mongo.



In update controller you have to do like this:



User.findByIdAndUpdate(req.user.id, req.body, function (err, user) {
if (err) {
return next(err);
} else {
user.password = req.body.new_password;
user.save(function (err, user) {
if (err) {
res.send("Error: ", err);
} else {
res.send("password updated successfully!");
}
})
}
});





share|improve this answer
























  • Works like a charm! Thank you

    – Matheus Bernardi
    Jan 4 at 15:34














1












1








1







This is may be because you are not storing the new_password in the mongo.



In update controller you have to do like this:



User.findByIdAndUpdate(req.user.id, req.body, function (err, user) {
if (err) {
return next(err);
} else {
user.password = req.body.new_password;
user.save(function (err, user) {
if (err) {
res.send("Error: ", err);
} else {
res.send("password updated successfully!");
}
})
}
});





share|improve this answer













This is may be because you are not storing the new_password in the mongo.



In update controller you have to do like this:



User.findByIdAndUpdate(req.user.id, req.body, function (err, user) {
if (err) {
return next(err);
} else {
user.password = req.body.new_password;
user.save(function (err, user) {
if (err) {
res.send("Error: ", err);
} else {
res.send("password updated successfully!");
}
})
}
});






share|improve this answer












share|improve this answer



share|improve this answer










answered Jan 4 at 14:27









Nilay PatelNilay Patel

604




604













  • Works like a charm! Thank you

    – Matheus Bernardi
    Jan 4 at 15:34



















  • Works like a charm! Thank you

    – Matheus Bernardi
    Jan 4 at 15:34

















Works like a charm! Thank you

– Matheus Bernardi
Jan 4 at 15:34





Works like a charm! Thank you

– Matheus Bernardi
Jan 4 at 15:34




















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54039821%2fhashing-password-before-update-a-user-in-mongoose%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Monofisismo

Angular Downloading a file using contenturl with Basic Authentication

Olmecas