"Error: Illegal arguments: string, undefined" and stop server in node JS

Question

I'm trying to build logging application in node JS. in here password authentication app do not work properly. when i enter username and password it occur following error and stop server.

this is the error.

Here is the code for authentication part

passport.use(new LocalStrategy(
function(username, password, done) {
    User.getUserByUsername(username, function(err, user){
       if(err) throw err;
       if (!user) {
           return done(null, false, {message: 'Unknown user'});
       } 

       User.comparePassword(password, user.password, function(err, isMatch){
           if(err) throw err;
           if (isMatch) {
               return done(null, user);
           } else {
               return done(null, false, {message: 'Invalid password'});
           }
       });
    });
}));

This code work for Unknown user. but it is not working for comparing username and password. i cannot see any bug in here. i want a help for solve this.

Answer 1

In my case i forgot to select the password because in database the password was ((select: false))

this code for app

const user = await User.findOne({email}).select("+password")

i forgot to append the ((.select("+password")))to the findOne

and I received this error ; Error: Illegal arguments: string, undefined

and this code for database

const User = new mongoose.Schema({
    username:{
        type:String,
        required: [true,"نام کاربری ضروری است"]
    },
    email:{
        type:String,
        required: [true,"رایانامه ضروری است"],
        unique: true,
        match:[
            /^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{1,3})$/,
            "لطفا یک رایانامه صحیح وارد کنید"
        ]
    },
    password:{
        type:String,
        required:[true,"رمز ضروری است"],
        minlegth: 5,
        select: false
    }
})

Answer 2

Simple Solution:

1: Go to your model and check for, select property. If true or false.

2: If it is false, then you need to manually query it.

Example:

Suppose password field in our model look like this.

// using mongoose
const userShema = new mongoose.Schema({
// All other fields
password: {
    type: String,
    select: false, // By default not selected. Require manual query
  },
});

// Rest of the stuff

Now getting this password along with other data.

  // Find user by id and also select the password field in the result
  const user = await User.findById(req.user.id).select("+password");
  
 // log it
 console.log(user.password);

 // rest...

Note: User proper async await & try catch.

Answer 3

for my case I havn't gave "await" keyword when I was writing code to connect to database and find the password, so I got the same error

router.post("/login", async function (req, res) {

  const userdata = req.body;
  const enteredEmail = userdata.email;
  const enteredPassword = userdata.password;

  const existingUser =await db
      .getDb()
      .collection("users")
      .findOne({ email: enteredEmail });

  if (!existingUser) {
    console.log('Could not log in!')
    return res.redirect('/login')
  }

  const passwordsAreEqual = await bcrypt.compare(enteredPassword, 
existingUser.password);

  if (!passwordsAreEqual) {
    console.log("Could not log in! Incorrect Password");
    return res.render('/login')

  }
  console.log('User is authenticated');
  res.redirect('/admin');
  });

Answer 4

In my own case , I just want to check if the old password matches the password in Db but got the error , here is my code below:

changePassword = asyncHandler (async (req: IGetUserAuthInfoRequest, res: Response) => {
  const user = await User.findById(req.user._id)
  const {oldPassword, password} = req.body

  if(!user) {
    res.status(400)
    throw new Error("User not found, please signup")
  }

  // Validate
  if(!oldPassword || !password) {
    res.status(400)
    throw new Error("Please add old and new password")
  }

  // Check if old password matches password in DB
  const passwordIsCorrect = await bcrypt.compare(oldPassword, user.password)

  // Save new password
  if(user && passwordIsCorrect) {
    user.password = password
    await user.save()
    res.status(200).send("Password change successful")
  } else {
    res.status(400)
    throw new Error("Old password is incorrect")
  }

});

Answer 5

You can write a code like this: After this.findOne({ select: [] ........}) ... I hope this is helpful

async validateUserPassword(loginDto: AuthLoginDto): Promise<User> {
    const { mobile, email, password } = loginDto;
    const user = await this.findOne({
      select: ['id', 'email', 'mobile', 'password', 'salt', 'status', 'logged_at'],
      where: [
        { mobile: mobile },
        { email: email }
      ]

    });

    if (user && await user.validatePassword(password)) {
      const logged_at = {
        logged_at: new Date()
      }
      await this.update({ id: user.id }, logged_at)
      return user;
    } else {
      return null;
    }
  }
  
  async validatePassword(password: string): Promise<boolean> {
    const hash = await bcrypt.hash(password, this.salt);
    return hash === this.password;
  }

Answer 6

In my case, I was using arrow function

userSchema.methods.comparePassword = async (enterdPassword) => {
  return await bcrypt.compare(enterdPassword, this.password);
};

which I converted to normal function

userSchema.methods.comparePassword = async function (enterdPassword) {
  return await bcrypt.compare(enterdPassword, this.password);
};

that solved the problem

Answer 7

You need to apply await to your salt and password assignments too.

Like this,

const salt = await bcrypt.genSaltSync(10);
const password = await req.body.password;

Answer 8

Here We are grabbing username and password from the sign in page AND finding our user by the username from the database and then Matching its encrypted password with an entered password by the user

passport.use(new LocalStrategy(
    (username,password,done)=> {
        db.users.findOne({username: username},(err, user)=> {
            if(err) return done(err);

            if(!user) {
                return done(null,false,{message: 'Incorrect Username'});
            }
            bcrypt.compare(password, user.password,(err,isMatch)=> {
                if(err) return done(err);
                if(isMatch) {
                    return done(null, user);
                } else {
                    return done(null, false,{message: 'Incorrect Password'});
                }
            });
         });
      }
   ));

Answer 9

At

"models/user.js"

Inside comparePassword

module.exports.comparePassword = (candidatePassword, hash, callback) => {...) 

Add this code:

bcrypt.hash(candidatePassword, 10, (err, hash) => {
    if(err) {
        throw err;
    }
    bcrypt.compare(candidatePassword, hash, (err, isMatch) => {
        if(err) {
            throw err;
        }
        callback(null, isMatch);
    });
});

Answer 10

In my case, I'm using social signin/signup. When the user is signing up using a social login option, the value of the password stored is "NULL".

So I just added this little check :

  comparePassword: function(password, user){
    if (!user.password)
      return false;
    return bcrypt.compareSync(password, user.password);
  }

Answer 11

I found the problem in here. it is not things regarding the code.

The thing is i had registered two users with same user name and different password. then when i tried to login with the user name and one password it occurred this error and stop the server.

Because there is embarrassing situation with find password to username that user entered. because there are two password with same username.