Check user password #193

Closed
codermapuche opened this Issue May 3, 2016 · 2 comments

codermapuche commented May 3, 2016

Hi. I am trying to build a profile page where the user, in order to update their information, is forced to re-enter their current password. For this, before the update I built a hook to compare the password provided with the one currently stored:

profileUserService.before({
  patch: [
    auth.verifyToken(),
    auth.populateUser(),
    auth.restrictToAuthenticated(),
    function(hook) {
      // Only patch current user.
      hook.id = hook.params.user.id;

      return userService
        .getFull(hook.id)
        .then(function(user) {
          // How to compare here hook.data.password with user.password???
          // hook.data.password is not hashed (example: abc123)
          // user.password is a stored password hash
          throw new errors.BadRequest(`Invalid request`, {
            errors: [
              {
                path: 'password',
                value: '********',
                message: `La clave actual es incorrecta`
              }
            ]
          });
        });
    }
  ]
});

I tried to hash hook.data.password with the hook auth.hashPassword(), but every time it produces a different hash for the same password and I can't compare it with the stored hash.

Any ideas?

Member

marshallswain commented May 3, 2016

Maybe try using the bcryptjs module directly.

Member

daffl commented May 18, 2016

As @marshallswain mentioned, you should be able to use bcryptjs directly:

const bcrypt = require('bcryptjs');

bcrypt.compare(password, user.passwordfield, function(error, result) {
  if (error) {
    // handle crypto error
  } else if (result) {
    // handle success
  } else {
    // wrong password
  }
});

I am going to close this. Please reopen if that didn't work for you.

daffl closed this May 18, 2016
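
Added example, not part of the original thread and not Feathers' or bcryptjs' own code: it shows why hashing the entered password again never equals the stored hash (a fresh random salt each time) and how a compare step verifies it by reusing the salt kept inside the stored value, which is what `bcrypt.compare` does with a bcrypt hash. Node's built-in scrypt stands in for bcryptjs so the block runs without dependencies; the `salt$key` storage format and the names `hashPassword`, `verifyPassword` and `checkCurrentPassword` are assumptions of this example.

```javascript
const crypto = require('node:crypto');

// Salted hash stored as "salt$key" (hex). Constructed format for this example;
// bcrypt strings likewise carry their salt and cost inside the stored hash.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32);
  return salt.toString('hex') + '$' + key.toString('hex');
}

// Re-derive the key with the salt taken from the stored value, then compare
// in constant time. Malformed stored values count as a mismatch.
function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 2) return false;
  const salt = Buffer.from(parts[0], 'hex');
  const expected = Buffer.from(parts[1], 'hex');
  if (salt.length !== 16 || expected.length !== 32) return false;
  const actual = crypto.scryptSync(String(password), salt, expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// Meant to run inside the .then(function(user) { ... }) of the hook in the
// question. Throwing there rejects the hook's promise and aborts the patch.
function checkCurrentPassword(hook, user) {
  const candidate = hook.data && hook.data.password;
  if (typeof candidate !== 'string' || !verifyPassword(candidate, user.password)) {
    // Stand-in for the errors.BadRequest used in the question.
    const err = new Error('Invalid request');
    err.name = 'BadRequest';
    err.code = 400;
    throw err;
  }
  // Assumption: hook.data.password is only the confirmation, so drop it
  // before the patch reaches the database.
  delete hook.data.password;
  return hook;
}
```

With bcryptjs the body of `verifyPassword` is replaced by the `bcrypt.compare` call from the comment above; the hook logic stays the same.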
