What is your hint or solution suggestion?
Change:
password: req.body.password
To:
password: bcrypt.hashSync(req.body.password, 12)
And in your local strategy change:
if(password !== user.password)
To:
if(!bcrypt.compareSync(password, user.password))
Challenge: Hashing Your Passwords
Link to the challenge: