When I call compareSync I get an error implying user.password is null (it is when I check as well). Is ‘user’ out of scope here? I did this when I try this with out the hash it works.
error:
Error: data and hash arguments required
Line in question:
if (!bcrypt.compareSync(password, user.password)) { return done(null, false); }
Full code:
const express = require('express');
const bodyParser = require('body-parser');
const passport = require('passport');
const session = require('express-session');
const mongo = require('mongodb').MongoClient;
const app = express();
const LocalStrategy = require('passport-local');
const bcrypt = require('BCrypt');
const ObjectID = require('mongodb').ObjectID;
require('dotenv').config()
app.set('view engine', 'pug');
app.use('/public', express.static(process.cwd() + '/public'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(session({
secret: process.env.SESSION_SECRET,
resave: true,
saveUninitialized: true,
}));
app.use(passport.initialize());
app.use(passport.session());
function ensureAuthenticated(req, res, next) {
if (req.isAuthenticated()) {
return next();
}
res.redirect('/');
};
mongo.connect(process.env.DATABASE, (err, client) => {
if(err) {
console.log('Database error: ' + err);
} else {
console.log('Successful database connection');
var db = client.db('mytestingdb');
passport.use(new LocalStrategy(
function(username, password, done) {
db.collection('users').findOne({ username: username }, function (err, user) {
console.log('User '+ username +' attempted to log in.');
if (err) { return done(err); }
if (!user) { return done(null, false); }
if (!bcrypt.compareSync(password, user.password)) { return done(null, false); }
return done(null, user);
});
}
));
passport.serializeUser((user, done) => {
done(null, user._id);
});
passport.deserializeUser((id, done) => {
db.collection('users').findOne(
{_id: new ObjectID(id)},
(err, doc) => {
done(null, doc);
}
);
});
app.route('/')
.get((req, res) => {
res.render(process.cwd() + '/views/pug/index', { title: 'Hello', message: 'Please login', showLogin: true,showRegistration: true });
});
app.route('/login')
.post(passport.authenticate('local', { failureRedirect: '/' }), (req, res) => {
res.redirect('/profile');
});
app.route('/profile')
.get(ensureAuthenticated, (req,res) => {
res.render(process.cwd() + '/views/pug/profile',{username:req.user.username});
});
app.route('/logout')
.get((req, res) => {
req.logout();
res.redirect('/');
});
app.route('/register')
.post((req, res, next) => {
var hash = bcrypt.hashSync(req.body.password, 8);
db.collection('users').findOne({ username: req.body.username }, function (err, user) {
if(err) {
next(err);
} else if (user) {
res.redirect('/');
} else {
db.collection('users').insertOne(
{username: req.body.username,
password: hash},
(err, doc) => {
if(err) {
res.redirect('/');
} else {
next(null, user);
}
}
)
}
})},
passport.authenticate('local', { failureRedirect: '/' }),
(req, res, next) => {
res.redirect('/profile');
}
);
app.use((req, res, next) => {
res.status(404)
.type('text')
.send('404 not Found');
});
app.listen(process.env.PORT || 3000, () => {
console.log("Listening on port " + "3000");
});
}});
edit: nvm the problem was just me testing with accounts I made using the other method