Node.js and Passport Object has no method validPassword Node.js and Passport Object has no method validPassword mongodb mongodb

Node.js and Passport Object has no method validPassword


node.js mongodb authentication passport.js

You are using

if (!user.validPassword(password)) {    return done(null, false, { message: 'Incorrect password.' });}

but you haven't defined validPassword method. Attach it to your schema:

var authSchema = mongoose.Schema({     username: 'string',    password: 'string'});authSchema.methods.validPassword = function( pwd ) {    // EXAMPLE CODE!    return ( this.password === pwd );};

EDIT You've also incorrectly defined the schema. It should be:

var authSchema = mongoose.Schema({     username: String,    password: String});

Note that both username and password should be String type objects, not strings "string", if you know what I mean. :)

node.js mongodb authentication passport.js

Looks like you copied example from passportjs website, where Jared failed to mention how to implement it..

On the passport js github page he has another (simpler) example; he removed validPassword method altogether (line 18):

Example

if (user.password != password) { return cb(null, false); }

That's what I based my app on (using encryption) on top of it.

node.js mongodb authentication passport.js

Also being a noob at this, it took me a whole day to figure this one out. I used the history from another one of Jared's example apps and some crypto advice from folks on here.

First off I made a method that generates a salt (a big random number which is stringified), uses the salt and the user's password to create a hash (with the help of the nodejs 'crypto' module), and finally stores both the salt and the hash every time before mongoose saves a new account.

//make hashuserSchema.pre('save', function(next) {    var user = this;    if(!user.isModified('password')) return next();    var rand = (Math.floor(Math.random() * 1000000000)).toString(36);    var hash = crypto.createHash('md5').update(user.password + rand).digest("hex");    user.password = hash;    user.salt = rand;    next();});

For the verification I simply take the inputted password (at login) and attempt the make the same hash again using the salt. I then compare the stored hash to the new one and return true or false accordingly.

 // Password verification    userSchema.methods.validPassword = function(password) {      var testhash = crypto.createHash('md5').update(password + this.salt).digest("hex");      if(testhash === this.password) {        return true;      } else {        return false;      }    }

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last