by req.username from db db.users.findOne({ email: req.body.email }, (err, user) => { ... // compare bcrypt for req.password to db hash baas.compare(req.body.password, user.passwordHash).then((e success) => { res.send(err || !success ? 401 : 200); }); }); });