GitMetricsLab · mehul-m-prajapati · May 29, 2026 · May 24, 2026 · May 24, 2026
diff --git a/backend/config/passportConfig.js b/backend/config/passportConfig.js
@@ -7,7 +7,7 @@ passport.use(
         { usernameField: "email" },
         async (email, password, done) => {
             try {
-                const user = await User.findOne( {email} );
+                const user = await User.findOne( {email} ).select("+password");;
                 if (!user) {
                     return done(null, false, { message: 'Email is invalid '});
                 }
@@ -38,7 +38,10 @@ passport.serializeUser((user, done) => {
 passport.deserializeUser(async (id, done) => {
     try {
         const user = await User.findById(id);
-        done(null, user);
+        if (!user) {
+            return done(null, false);
+        }
+        done(null,user);
     } catch (err) {
         done(err, null);
     }

diff --git a/backend/models/User.js b/backend/models/User.js
@@ -19,16 +19,20 @@ const UserSchema = new mongoose.Schema({
 });
 
 // ✅ FIXED: no next()
-UserSchema.pre('save', async function () {
-  if (!this.isModified('password')) return;
-
-  const salt = await bcrypt.genSalt(10);
-  this.password = await bcrypt.hash(this.password, salt);
+UserSchema.pre('save', async function (next) {
+  if (!this.isModified('password')) return next();
+  try {
+      const salt = await bcrypt.genSalt(10);
+      this.password = await bcrypt.hash(this.password, salt);
+      next(); // Tells Mongoose hashing is done, save the document now
+  } catch (err) {
+    next(err); // Safely passes any encryption errors to the database handler
+  }
 });
 
 // ✅ password comparison
 UserSchema.methods.comparePassword = async function (enteredPassword) {
   return bcrypt.compare(enteredPassword, this.password);
 };
 
-module.exports = mongoose.model("User", UserSchema);
+module.exports = mongoose.model("User", UserSchema);