0

Currently having issues trying to compare the password I hashed with bcrypt. It always returns false when I compare it. Look at the code below and let me know what am doing bad

userSchema.pre("save", async function (next) {
    const salt = await bcrypt.genSalt();
    this.password = await bcrypt.hash(this.password, salt);
    next();
});
userSchema.statics.login = async function (email, password) {
    const user = await this.findOne({ email });
    if (user) {
        const isMatch = await bcrypt.compare(password, user.password);
        console.log(isMatch);
        if (isMatch) {
            return user;
        }
        throw Error("Incorrect password");
    }
    throw Error("Incorrect email");
};
Ekwue chibuzo
  • 1
  • Is the password being passed to the `userSchema.statics.login` method in plain text / unhashed? – jasonandmonte Dec 17 '20 at 05:54
  • It also looks like its common that the database field character length doesn't fully store the hash, so you could double check that as well. – jasonandmonte Dec 17 '20 at 06:03
  • yes the password and email passed to the method are the plain text gotten from the form itself – Ekwue chibuzo Dec 17 '20 at 13:10
  • I did a console.log(this.password) one the mongoose hook. it was called twice with the first log containing the actual hashed password but the second log also contained a hashed password-ish and was saved to the database. And will always throw an error – Ekwue chibuzo Dec 17 '20 at 15:40

0 Answers0