From 96d9b38d301735aae637462fc07ba199a9462717 Mon Sep 17 00:00:00 2001
From: Aryan Raj <aryanrajnc8521@gmail.com>
Date: Sun, 24 May 2026 12:44:24 +0530
Subject: [PATCH 1/2] User.js

Updated pre-save hook to include next() for proper middleware flow and error handling.
---
 backend/models/User.js | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/backend/models/User.js b/backend/models/User.js
index eb506ed5..fed589a9 100644
--- a/backend/models/User.js
+++ b/backend/models/User.js
@@ -19,11 +19,15 @@ const UserSchema = new mongoose.Schema({
 });
 
 // ✅ FIXED: no next()
-UserSchema.pre('save', async function () {
-  if (!this.isModified('password')) return;
-
-  const salt = await bcrypt.genSalt(10);
-  this.password = await bcrypt.hash(this.password, salt);
+UserSchema.pre('save', async function (next) {
+  if (!this.isModified('password')) return next();
+  try {
+      const salt = await bcrypt.genSalt(10);
+      this.password = await bcrypt.hash(this.password, salt);
+      next(); // Tells Mongoose hashing is done, save the document now
+  } catch (err) {
+    next(err); // Safely passes any encryption errors to the database handler
+  }
 });
 
 // ✅ password comparison
@@ -31,4 +35,4 @@ UserSchema.methods.comparePassword = async function (enteredPassword) {
   return bcrypt.compare(enteredPassword, this.password);
 };
 
-module.exports = mongoose.model("User", UserSchema);
\ No newline at end of file
+module.exports = mongoose.model("User", UserSchema);

From 0fa4b263bd2ad49917d5f54466ac434cb6e1c34c Mon Sep 17 00:00:00 2001
From: Aryan Raj <aryanrajnc8521@gmail.com>
Date: Sun, 24 May 2026 19:21:53 +0530
Subject: [PATCH 2/2] passportConfig.js

---
 backend/config/passportConfig.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/backend/config/passportConfig.js b/backend/config/passportConfig.js
index 842f50ca..173ff8a9 100644
--- a/backend/config/passportConfig.js
+++ b/backend/config/passportConfig.js
@@ -7,7 +7,7 @@ passport.use(
         { usernameField: "email" },
         async (email, password, done) => {
             try {
-                const user = await User.findOne( {email} );
+                const user = await User.findOne( {email} ).select("+password");;
                 if (!user) {
                     return done(null, false, { message: 'Email is invalid '});
                 }
@@ -38,7 +38,10 @@ passport.serializeUser((user, done) => {
 passport.deserializeUser(async (id, done) => {
     try {
         const user = await User.findById(id);
-        done(null, user);
+        if (!user) {
+            return done(null, false);
+        }
+        done(null,user);
     } catch (err) {
         done(err, null);
     }