Skip to content

Commit

Permalink
Hash passwords client-side before they go over the wire.
Browse files Browse the repository at this point in the history
  • Loading branch information
@queso
queso committed Jul 7, 2014
1 parent 0ffa30a commit f53c7c8
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 2 deletions.
6 changes: 5 additions & 1 deletion client/views/signUp/signUp.coffee
View file
@@ -1,3 +1,7 @@
AccountsEntry.hashPassword = (password) ->
digest: SHA256(password),
algorithm: "sha-256"

AccountsEntry.entrySignUpHelpers = {
showEmail: ->
fields = AccountsEntry.settings.passwordSignupFields
Expand Down Expand Up @@ -131,7 +135,7 @@ AccountsEntry.entrySignUpEvents = {
newUserData =
username: username
email: email
password: password
password: AccountsEntry.hashPassword(password)
profile: filteredExtraFields
Meteor.call 'entryCreateUser', newUserData, (err, data) ->
if err
Expand Down
4 changes: 3 additions & 1 deletion package.js
View file
Expand Up @@ -15,7 +15,8 @@ Package.on_use(function(api) {
'session',
'coffeescript',
'simple-form',
'less']
'less',
'sha']
, 'client');


Expand Down Expand Up @@ -67,6 +68,7 @@ Package.on_use(function(api) {

// CLIENT and SERVER
api.imply('accounts-base', ['client', 'server']);
api.imply('accounts-password', ['client', 'server']);

This comment has been minimized.

Sign in to view

Copy link
@timbrandin

timbrandin Oct 2, 2014

Contributor

This package should not be here, it forces every other package using accounts-entry to use accounts password.
api.export('AccountsEntry', ['client', 'server']);
api.use('iron-router', ['client', 'server']);
api.use(['accounts-t9n'], ['client', 'server']);
Expand Down

0 comments on commit f53c7c8

Please sign in to comment.