How to change my user password in passport?


I have this functionality for my website:

password change functionality, but I don't know how to make that work. This is the data of one of my users:

{
"_id" : ObjectId("58529494f2c495228479660f"),
"salt" : "42499bf0fdc9280bf8eaac90e2f5e482c24913ef53897bdba67f9482816f3e3d",
"hash" : "c316f0c3ab55a138c2a2e4880058c74810b9ed63c8fde8d6c992c80d0cd56ecab6bcc3c090fcab8fa4ebff61e68c457793e683bcbea9b7af7afa52e544e4b6cc4393b5b42c2e1c7e74dbd1a5c5fcd710563060dfff0dc4f30f2bb2f164bacccb6866add883466bb38d7c65992560c5f34936eda191749d4bc39af5c3c177aa2af0aa947bec642586210284285c7a959d6fcd7ae8ff2000792210f4ea8d1627df9a855a074d0620a3aaf7037264874a88207023b596d68f199939c2afe1aedf60f9bd73ecbf27fa0b6285e8157b89b4bc26e9838eed53b4082e330e01d5f11266b920d48f18492dc25404b920eab3f258eda0a21f40ea6b3496ce27358c1a67b58807169ac8ecd19d73069f72cdabab89e4755236911f9a641c3cc1858c1c3379c6041a6422fca985ffff932a14490c1cede3a04a6ef88e9d3bcf894fac5865db48fa253796041e682d7e132d70cefd53a610dfb761e30382444fdfce6cb7e7c79c61e14e6a36ebfbe2d20e4aed88ec6e885a45d951959e186464eb6c4ee9501e17d029be8afa4ed2d3b3142639872edef993a0c45dc717e36cd6022bcb25991df499afc90d35cf803a97a043f45e392bfd4c12f6b959a58d3d18017cea3f8d63bf3c6a5aded3d5aa1269054ee5c9a32bc2e10c251fc12afb5d60f22b8723d79f792398f7bf4fe791b29d6a24438399d28bc9197ea95cf7d6cc22e64fe1a954de",
"username" : "Isaac",
"__v" : 0,
"email" : "[email protected]",
"name" : "Isaac"}

In order to reset the password we need to:
1- ask the user to enter their current password
2- if that is correct, delete the current password and replace it with the new hashed password

But I do not know how to do that. I can get their current password, new password and repeated password, but I do not know how to compare their password with the current one. I will be really grateful if anyone can help me.

2

There are 2 answers

0
bikram kc On

You have to compare two hash values of old password and new password. First of all, make a hash value of your new password using the given salt, and then compare it with your old one.

3
sac Dahal On

So the idea basically is to take the user's new password, generate the salt, which will be used to encrypt the password, and then pass the salt and the new password to generate the hash, which is a combination of your new password and the salt you generated.

So first generate the salt and then generate the hash.

Next time when the user logs in again, get the salt from the database, then use the password specified by the user with the salt and generate the hash. Compare the two hashes (one from the database and one the user gave). If equal, log him in; else, incorrect password. Go through the documentation of crypto for better understanding.
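The flow described in the question and the answers above (check the current password against the stored salt and hash, then store a fresh salt and a new hash), as an added example that is not part of the original post or either answer. It uses Node's built-in `crypto` PBKDF2; the iteration count, key length, digest, the choice to feed the salt in as its hex string, and all function names are assumptions and must match whatever originally produced the stored `salt` and `hash`.

```javascript
const crypto = require('crypto');

// Assumed parameters (not stated on the page). They must be identical to the
// ones used when the stored hash was created, or verification always fails.
const ITERATIONS = 25000;
const KEYLEN = 512;     // bytes -> 1024 hex chars, the length of "hash" in the record
const DIGEST = 'sha256';
const SALT_BYTES = 32;  // bytes -> 64 hex chars, the length of "salt" in the record

// Derive the hex hash for a password and a salt (salt used as its hex string).
function hashPassword(password, salt) {
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST).toString('hex');
}

// Recompute the hash with the STORED salt and compare in constant time,
// so the comparison does not leak how many leading bytes matched.
function verifyPassword(user, candidate) {
  const expected = Buffer.from(user.hash, 'hex');
  const actual = Buffer.from(hashPassword(candidate, user.salt), 'hex');
  return expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
}

// Always generate a fresh random salt when a password is set or changed.
function setPassword(user, password) {
  user.salt = crypto.randomBytes(SALT_BYTES).toString('hex');
  user.hash = hashPassword(password, user.salt);
  return user;
}

// The change-password form: current, new and repeated password.
// The stored record is touched only after every check has passed.
function changePassword(user, current, next, repeated) {
  if (next !== repeated) return { ok: false, reason: 'mismatch' };
  if (!verifyPassword(user, current)) return { ok: false, reason: 'wrong-current' };
  setPassword(user, next);
  return { ok: true };
}

// Constructed sample user (not the record from the question).
const sampleUser = setPassword({ username: 'example-user' }, 'old-Passw0rd');
console.log(changePassword(sampleUser, 'old-Passw0rd', 'new-Passw0rd', 'new-Passw0rd'));
```

In a request handler, use the asynchronous `crypto.pbkdf2` so the hashing does not block the event loop, and save the updated user document after `changePassword` succeeds.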