    const express = require('express');
const router = express.Router();
const auth = require('../../middleware/auth');
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
const config = require('config');
const { check, validationResult } = require('express-validator');
 
 
const User = require('../../models/User');
// @route  GET api/auth
// @desc   Return the record of the user identified by req.user.id, minus the password field
// @access Private - the `auth` middleware runs before this handler and is
//         expected to populate req.user (the middleware is not shown here)
router.get('/', auth, async (req, res) => {
  try {
    // '-password' drops the password field from the query result so the
    // stored credential is never serialised into the response.
    const account = await User.findById(req.user.id).select('-password');
    res.json(account);
  } catch (error) {
    console.error(error.message);
    res.status(500).send('Server Error');
  }
});
 
 
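// @route  POST api/auth
// @desc   Authenticate user and get token
// @access Public
router.post(
  '/',
  [
    check('email', 'Please include a valid email').isEmail(),
    check('password', 'Password is required').exists(),
  ],
  async (req, res) => {
    // Stop early when express-validator recorded any failure for this request.
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({ errors: errors.array() });
    }

    const { email, password } = req.body;

    try {
      // See if user exists
      const user = await User.findOne({ email });

      // NOTE(review): this message differs from the password-mismatch one
      // below, so a caller can tell a registered email from an unknown one.
      // Returning one generic message from both branches avoids disclosing
      // which accounts exist.
      if (!user) {
        return res
          .status(400)
          .json({ errors: [{ msg: 'Invalid Credentials Email' }] });
      }

      // bcrypt.compare(plaintext, hash): user.password has to hold the bcrypt
      // hash written when the account was created. If the plaintext was
      // stored instead, this resolves to false even though the two strings
      // look identical when logged.
      const isMatch = await bcrypt.compare(password, user.password);

      if (!isMatch) {
        return res
          .status(400)
          .json({ errors: [{ msg: 'Invalid Credentials Password' }] });
      }

      const payload = {
        user: {
          id: user.id,
        },
      };

      // NOTE(review): a numeric expiresIn is read as seconds, so 360000 is
      // 100 hours; confirm that lifetime is intended outside development.
      jwt.sign(
        payload,
        config.get('jwtSecret'),
        { expiresIn: 360000 },
        (err, token) => {
          // Respond here instead of throwing: this callback can run after the
          // surrounding try/catch has exited, in which case a throw would
          // escape it and no response would be sent.
          if (err) {
            console.error(err.message);
            return res.status(500).send('Server error');
          }

          res.json({ token });
        }
      );
    } catch (err) {
      console.error(err.message);
      res.status(500).send('Server error');
    }
  }
);

module.exports = router;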

In my database I have an email and a password. In Postman, I make a POST request to https://localhost:5000/api/auth

The email is correct; however, I keep getting the "password is not correct" response from this check: const isMatch = await bcrypt.compare(password, user.password);

  if(!isMatch) {
    return res
    .status(400)
    .json({ errors: [ { msg: 'Invalid Credentials Password' } ] });
  }

I console-logged both password and user.password and they have the same value, so I don't understand why !isMatch keeps getting triggered.

Can anyone help me?

tryingToBeBetter
  • What do you mean when you say "i console logged both password and user.password and it is the same value". Where did you log it? – Naveen Chahar Nov 13 '20 at 07:51

1 Answer


The syntax of bcrypt.compare() is:

bcrypt.compare(plaintextPassword, hash)...

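The first parameter is the plaintext password and the second is the hash of the real password, so the two will not be the same value. Since you mention that password and user.password are the same value, I guess you forgot to hash the user's password before saving it to the DB. When user.password holds the plaintext rather than a bcrypt hash, compare() cannot match it and resolves to false, which is the symptom you are seeing. Hash the password (for example with bcrypt.hash()) when the user is created and store only the hash, so the plaintext never sits in the database. Please check the docs for more details.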

Cuong Le Ngoc