I sign up and it generates the hash and salt. I log in and everything works properly. My program was missing a reset-password feature, so I added a forgot-password flow that sends a token to your email. I then use the token to change my password, which overwrites the stored hash and salt with newly generated values. But when I try to log in with the new password, it says the password is incorrect.
`hello` is the password.
// Password-reset scratch snippet: build a new salt and PBKDF2 hash for the
// literal password 'hello', then write both onto the row that matches a
// reset token.
//
// NOTE(review): login is checked by passport's "local" strategy against
// credentials created through User.register(), so the value written to
// `myhash` must be derived exactly as that library derives it: same iteration
// count, key length, digest, salt handling and hex/base64 encoding of the
// stored value. The parameters below are hand-picked; if any of them differ
// from the plugin's configuration the new hash can never verify. Confirm
// against the plugin's options, or use its own set-password helper if it
// provides one.

// 64 random bytes, stored and fed to PBKDF2 as a hex string.
var newSalt = crypto.randomBytes(64).toString('hex');

// PBKDF2 with HMAC-SHA512, 10000 iterations, 64-byte output, kept as base64.
var derivedKey = crypto.pbkdf2Sync('hello', newSalt, 10000, 64, 'sha512');
var newPassword = derivedKey.toString('base64');

// NOTE(review): the row is selected by the raw token value alone, and the
// update leaves the token column untouched, so as written the same token
// still matches afterwards. Checking the expiry and clearing the token in the
// same update would make it single-use — confirm how the real route does this.
// The call's result is not awaited or checked here; presumably it returns a
// promise.
User.update(
  {
    myhash: newPassword,
    mysalt: newSalt
  },
  {
    where: {
      token: 'VUQKPIElnpITEeBJVsuyGBE1EX7RaxPRD0BblhZqYrUjHH3fXcz3yiFc+fHtm0PtOR/7UCSAdlEoUbdtTlgS7g=='
    }
  }
);
Endpoints
// SIGNUP
// Creates an account from the posted username, email and password via
// User.register(), then runs passport's "local" strategy on the same request
// and redirects the client to the login page.
router.post('/signup', (req, res) => {
  const { username, email, password } = req.body;
  const candidate = new User({ username, email });

  User.register(candidate, password, function (err, user) {
    if (err) {
      console.log(err);
      // NOTE(review): the raw error object goes back to the client with the
      // default status code. Depending on what the model layer puts in it,
      // that can expose internal detail; a fixed message with a 4xx/5xx
      // status is the safer shape — confirm what the front end expects.
      return res.send(err);
    }

    // Registration succeeded: authenticate this request, then redirect.
    const localAuth = passport.authenticate("local");
    localAuth(req, res, () => res.redirect("http://localhost:3000/login"));
  });
});
// CREATE TOKEN
// Forgot-password handler: looks up the account for the posted email,
// generates a random token, and stamps an expiry on the matching row.
//
// NOTE(review): as posted, this handler never sends a response, never stores
// or mails the generated token, and `expireDate` is not defined in view —
// presumably those parts were trimmed from the question. In the full route,
// reply the same way whether or not the address matched, so the endpoint does
// not reveal which emails are registered, and wrap the awaits in try/catch so
// a rejected query is not left unhandled.
router.post('/forgot-password', async (req, res) => {
  const submittedEmail = req.body.email;

  // Lookup result is not used further in this excerpt.
  const matchedUser = await User.findOne({ where: { email: submittedEmail } });

  // create random token
  // crypto.randomBytes is a CSPRNG, which is the right source for a reset
  // token. Standard base64 can contain '+', '/' and '=', so the value needs
  // URL-encoding if it is placed in a link.
  const resetToken = crypto.randomBytes(64).toString('base64');

  await User.update(
    { expiration: expireDate },
    { where: { email: submittedEmail } }
  );
});
question from:
https://stackoverflow.com/questions/65952050/issues-with-passport-password-reset-in-nodejs