
fix(login): use bcrypt

hekike committed Aug 7, 2017
1 parent 7accca3 commit 9d69ea70b68c4971466c64382e5f038e3eda8d8a
Showing with 30 additions and 8 deletions.
  1. +5 −1 README.md
  2. +24 −7 app/authentication/init.js
  3. +1 −0 package.json
@@ -3,4 +3,8 @@
1. `git clone git@github.com:RisingStack/nodehero-authentication.git`
2. `cd nodehero-authentication`
3. `npm install`
4. `npm start`
4. `REDIS_STORE_URI=redis://localhost REDIS_STORE_SECRET=my-strong-secret npm start`
## Pre requirements
- Running [Redis](https://redis.io/) database
@@ -1,11 +1,18 @@
const passport = require('passport')
const bcrypt = require('bcrypt')
const LocalStrategy = require('passport-local').Strategy
const authenticationMiddleware = require('./middleware')
// Generate Password
const saltRounds = 10
const myPlaintextPassword = 'my-password'
const salt = bcrypt.genSaltSync(saltRounds)
const passwordHash = bcrypt.hashSync(myPlaintextPassword, salt)
const user = {
username: 'test-user',
password: 'test-password',
passwordHash,
id: 1
}
@@ -26,18 +33,28 @@ passport.deserializeUser(function (username, cb) {
function initPassport () {
passport.use(new LocalStrategy(
function(username, password, done) {
findUser(username, function (err, user) {
(username, password, done) => {
findUser(username, (err, user) => {
if (err) {
return done(err)
}
// User not found
if (!user) {
console.log('User not found')
return done(null, false)
}
if (password !== user.password ) {
return done(null, false)
}
return done(null, user)
// Always use hashed passwords and fixed time comparison
bcrypt.compare(password, user.passwordHash, (err, isValid) => {
if (err) {
return done(err)
}
if (!isValid) {
return done(null, false)
}
return done(null, user)
})
})
}
))
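Review bot: The `if (!user)` branch in the second hunk still returns `done(null, false)` without doing any bcrypt work, so a login for an unknown username completes noticeably faster than one for a known username with a wrong password, and the response time distinguishes the two even though the comment above `bcrypt.compare` asks for fixed-time behaviour. Doing the same amount of work on that branch closes the gap, for example `if (!user) { return bcrypt.compare(password, dummyHash, () => done(null, false)) }`, where `dummyHash` is a module-level hash generated once with the same `saltRounds`. In the first hunk the stored hash is derived at module load from the plaintext literal `myPlaintextPassword` via `genSaltSync`/`hashSync`; this is presumably a demo fixture, and a comment such as `// demo fixture only: real hashes are created at registration and loaded from the user store` would keep it from being copied as-is. `initPassport` continues past the end of the hunk, so the rest of its body is not covered here.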
@@ -19,6 +19,7 @@
},
"homepage": "https://github.com/RisingStack/nodehero-authentication#readme",
"dependencies": {
"bcrypt": "1.0.2",
"body-parser": "1.15.1",
"connect-redis": "3.0.2",
"express": "4.13.4",

1 comment on commit 9d69ea7


RoelRoel commented on 9d69ea7 Aug 16, 2017

+1
