I'm using JWT with Passport for authentication in my app, but I don't know how to change the password.

This is my login function:

function login(req, res, next) { const userObj = { email: req.body.email, userType: req.body.userType }; UserSchema.findOneAsync(userObj, '+password') .then((user) => { if (!user) { const err = new APIError('User not found with the given email id', httpStatus.NOT_FOUND); return next(err); } else { user.comparePassword(req.body.password, (passwordError, isMatch) => { if (passwordError || !isMatch) { const err = new APIError('Incorrect password', httpStatus.UNAUTHORIZED); return next(err); } user.loginStatus = true; user.gpsLoc = [19.02172902354515, 72.85368273308545]; const token = jwt.sign(user, config.jwtSecret); UserSchema.findOneAndUpdateAsync({ _id: user._id }, { $set: user }, { new: true }) .then((updatedUser) => { const returnObj = { success: true, message: 'user successfully logged in', data: { jwtAccessToken: `JWT ${token}`, user: updatedUser } }; res.json(returnObj); }) .error((err123) => { const err = new APIError(`error in updating user details while login ${err123}`, httpStatus.INTERNAL_SERVER_ERROR); next(err); }); }); } }) .error((e) => { const err = new APIError(`erro while finding user ${e}`, httpStatus.INTERNAL_SERVER_ERROR); next(err); }); }

my user DB is like this.

import Promise from 'bluebird'; import mongoose from 'mongoose'; import httpStatus from 'http-status'; import APIError from '../helpers/APIError'; import bcrypt from 'bcrypt'; const UserSchema = new mongoose.Schema({ fname: { type: String, default: null }, lname: { type: String, default: null }, email: { type: String, required: true, unique: true }, password: { type: String, required: true, select: false }, }); UserSchema.pre('save', function userSchemaPre(next) { const user = this; if (this.isModified('password') || this.isNew) { bcrypt.genSalt(10, (err, salt) => { if (err) { return next(err); } bcrypt.hash(user.password, salt, (hashErr, hash) => { if (hashErr) { return next(hashErr); } user.password = hash; next(); }); }); } else { return next(); } }); UserSchema.methods.comparePassword = function comparePassword(pw, cb) { const that = this; bcrypt.compare(pw, that.password, (err, isMatch) => { if (err) { return cb(err); } cb(null, isMatch); }); };

I have made another function for reset password and matching checked old password is valid like login function, now I want to update new passport in DB. how will I do that?

Thanks a lot