Hash pw in POST /admins

Mongoose findOneAndUpdate bypasses hooks Automattic/mongoose#964
jhhayashi · Dec 20, 2016 · a2652f5 · a2652f5
1 parent 3722089
commit a2652f5
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/controllers/admins.js b/controllers/admins.js
@@ -1,4 +1,5 @@
 const User = require('../models/schemas/user');
+const bcrypt = require('bcrypt-nodejs');
 
 exports.createAdmin = (req, res, next) => {
     if (typeof req.body.email !== 'string')
@@ -53,6 +54,10 @@ exports.createAdmin = (req, res, next) => {
     if (req.body.hash)
         userData.hash = req.body.hash;
 
+    // hash pw, since mongoose findOneAndUpdate bypasses hooks
+    // https://github.com/Automattic/mongoose/issues/964
+    userData.hash = bcrypt.hashSync(userData.hash);
+
     if (userData.phone)
         var userQuery = {$or: [{email: userData.email}, {phone: userData.phone}]};
     else