modify password with expressjs mongoose passport-local

/models/db_Users.js

// bcrypt middlewareusersSchema.pre('save', function(next){    var user = this;    //check if password is modified, else no need to do anything    if (!user.isModified('pass')) {       return next()    }    user.pass = bcrypt.hashSync(password, bcrypt.genSaltSync(8), null);    next()})

Inside your routes/users.js

var User = require('mongoose').model('Users')app.post('/changepass' , function (req, res, next) {     if (newpass !== newpassconfirm) {        throw new Error('password and confirm password do not match');     }     var user = req.user;     user.pass = newpass;     user.save(function(err){         if (err) { next(err) }         else {             res.redirect('/account');         }     })});

You could try something like this

app.post("/update/userid", function(req, res) {    var userid = req.params.id    var username = req.session.passport.user    var newPass = req.body.password    console.log(username, userid)    User.findByUsername(username).then(function(sanitizedUser) {        if (sanitizedUser) {            sanitizedUser.setPassword(newPass, function() {                sanitizedUser.save();                res.send('password reset successful');            });        } else {            res.send('user does not exist');        }    }, function(err) {        console.error(err);    })})