Merge pull request Relief-1#19 from thejh/hash-in-function

[refactor] put password hashing in its own function
AvianFlu · Sep 2, 2011 · 3183066 · 3183066
2 parents 8eaa226 + d42b291
commit 3183066
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/lib/login.js b/lib/login.js
@@ -49,11 +49,7 @@ Login.prototype.userLogin = function (email, password, callback) {
       self.emit('error::login', err);
       return callback(err);
     }
-    // Settings should be replaced with nconf, which is built into hook.io.
-    // this would be something like self.config.get('login:hash')
-    var hash = crypto.createHash(settings.loginManager.hash);
-    hash.update(doc.salt + password);
-    if (hash.digest('hex') === doc.hash) {
+    if (hash(doc.salt, password) === doc.hash) {
       return callback(null, doc);
     }
     callback(new Error('Invalid login.'));
@@ -77,13 +73,11 @@ Login.prototype.userRegister = function (email, password, callback) {
     return callback({reason: 'invalid e-mail', code: Login.INVALID_EMAIL});
   }
 
-  var hash = crypto.createHash(settings.loginManager.hash);
   var salt = self.saltGenerate();
-  hash.update(salt + password);
 
   var user = {
     salt: salt,
-    hash: hash.digest('hex')
+    hash: hash(salt, password)
   };
   db.put('user-' + encodeURIComponent(email), user, function (err, res) {
     if (err) {
@@ -97,3 +91,11 @@ Login.prototype.userRegister = function (email, password, callback) {
   });
 }
 
+function hash(salt, password) {
+  // Settings should be replaced with nconf, which is built into hook.io.
+  // this would be something like self.config.get('login:hash')
+  var hash = crypto.createHash(settings.loginManager.hash);
+  hash.update(salt + password);
+  return hash.digest('hex');
+}
+