登录时遇Error: data and hash arguments required及User.find()问题求助
User.find() & "data and hash arguments required" Error During Login Let's break down what's likely going on here—even though you're successfully passing the username and password through to your login method, those two errors point to specific issues in how you're querying the user and validating the password.
First, let's tackle the Error: data and hash arguments required—this almost always comes from the bcrypt.compare() call (or any bcrypt hash/verify method) receiving an undefined or empty value for either the plaintext password or the hashed password from your database. Combine that with the User.find() error, and here's the most common scenario:
1. You're using User.find() instead of User.findOne() for login
User.find() returns an array of matching documents, even if only one user exists. If you're trying to access user.password directly from that array, you'll get undefined (since arrays don't have a password property). When you pass that undefined value to bcrypt.compare(), it throws the "data and hash arguments required" error.
Fix this by switching to User.findOne() to fetch a single user object:
// In usercrud.js's login method async function login(username, password) { // Use findOne instead of find to get a single user document const user = await User.findOne({ username: username }); // First check if the user exists if (!user) { return { success: false, message: "User not found" }; } // Then verify the password exists in the document if (!user.password) { return { success: false, message: "Corrupted user data: no password stored" }; } // Now safely compare passwords const isPasswordMatch = await bcrypt.compare(password, user.password); if (isPasswordMatch) { return { success: true, user: { username: user.username } }; // Return only necessary data } else { return { success: false, message: "Incorrect password" }; } }
2. Double-check your password storage during registration
Even if you're passing the password correctly during login, make sure your registration flow is properly hashing the password before saving it to MongoDB. If the password field in your lucky user document is empty, plaintext, or corrupted, bcrypt.compare() will still throw that error.
For example, your registration code should look something like this:
async function register(username, password) { const hashedPassword = await bcrypt.hash(password, 10); // 10 is the salt rounds const newUser = new User({ username: username, password: hashedPassword // Store the hash, not plaintext }); await newUser.save(); }
3. Verify parameter order in bcrypt.compare()
Another easy mistake: bcrypt.compare() expects the plaintext password first, then the hashed password from the database. If you've swapped these around, it won't throw the "arguments required" error, but it will always return false for the password match—leading to a failed login even with correct credentials.
Quick Debugging Steps
To confirm exactly where things are breaking, add console logs in your login method:
async function login(username, password) { console.log("Received login credentials:", username, password); // Confirm values are correct const user = await User.findOne({ username: username }); console.log("Fetched user from DB:", user); // Check if user exists and has a password if (user) console.log("Stored password hash:", user.password); // Rest of your logic... }
These logs will tell you if the user is being found, if the password field is present, and if the values you're passing to bcrypt are valid.
内容的提问来源于stack exchange,提问作者Mani Kant Tiwari
