added bcrypt to encrypt passwords in db
parent
671acec218
commit
436067150e
3 changed files with 65 additions and 23 deletions
|
@ -1,3 +1,7 @@
|
||||||
|
'use strict';
|
||||||
|
const bcrypt = require('bcrypt');
|
||||||
|
const logger = require('winston');
|
||||||
|
|
||||||
module.exports = (sequelize, { STRING }) => {
|
module.exports = (sequelize, { STRING }) => {
|
||||||
const User = sequelize.define(
|
const User = sequelize.define(
|
||||||
'User',
|
'User',
|
||||||
|
@ -20,10 +24,37 @@ module.exports = (sequelize, { STRING }) => {
|
||||||
User.hasOne(db.Channel);
|
User.hasOne(db.Channel);
|
||||||
};
|
};
|
||||||
|
|
||||||
User.prototype.validPassword = (givenpassword, thispassword) => {
|
User.prototype.comparePassword = function (password, callback) {
|
||||||
console.log(`${givenpassword} === ${thispassword}`);
|
logger.debug(`User.prototype.comparePassword ${password} ${this.password}`);
|
||||||
return (givenpassword === thispassword);
|
bcrypt.compare(password, this.password, callback);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// pre-save hook method to hash the user's password before the user's info is saved to the db.
|
||||||
|
User.hook('beforeCreate', (user, options) => {
|
||||||
|
logger.debug('...beforeCreate hook...');
|
||||||
|
return new Promise((resolve, reject) => {
|
||||||
|
// generate a salt string to use for hashing
|
||||||
|
bcrypt.genSalt((saltError, salt) => {
|
||||||
|
if (saltError) {
|
||||||
|
logger.error('salt error', saltError);
|
||||||
|
reject(saltError);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// generate a hashed version of the user's password
|
||||||
|
bcrypt.hash(user.password, salt, (hashError, hash) => {
|
||||||
|
// if there is an error with the hash generation return the error
|
||||||
|
if (hashError) {
|
||||||
|
logger.error('hash error', hashError);
|
||||||
|
reject(hashError);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// replace the password string with the hash password value
|
||||||
|
user.password = hash;
|
||||||
|
resolve();
|
||||||
|
});
|
||||||
|
});
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
return User;
|
return User;
|
||||||
};
|
};
|
||||||
|
|
|
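Review bot: The debug line added in `comparePassword` writes both the submitted plaintext password and the stored bcrypt hash to the log, so anyone who can read debug output can read credentials; log no secret material, e.g. `logger.debug('User.prototype.comparePassword called');`. The hashing hook is registered only for `beforeCreate`, so if a password can be changed through an update path (not visible here) the new value would be stored unhashed; a matching `beforeUpdate` hook guarded by `user.changed('password')` would cover that. Rows created before this commit presumably still hold plaintext passwords, which `bcrypt.compare` will not match, so a migration or forced reset is needed alongside this change.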
@ -27,6 +27,7 @@
|
||||||
"homepage": "https://github.com/lbryio/spee.ch#readme",
|
"homepage": "https://github.com/lbryio/spee.ch#readme",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"axios": "^0.16.1",
|
"axios": "^0.16.1",
|
||||||
|
"bcrypt": "^1.0.3",
|
||||||
"body-parser": "^1.17.1",
|
"body-parser": "^1.17.1",
|
||||||
"config": "^1.26.1",
|
"config": "^1.26.1",
|
||||||
"connect-multiparty": "^2.0.0",
|
"connect-multiparty": "^2.0.0",
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
|
||||||
const PassportLocalStrategy = require('passport-local').Strategy;
|
const PassportLocalStrategy = require('passport-local').Strategy;
|
||||||
const db = require('../models');
|
const db = require('../models');
|
||||||
const logger = require('winston');
|
const logger = require('winston');
|
||||||
|
@ -19,27 +20,36 @@ module.exports = new PassportLocalStrategy(
|
||||||
logger.debug('no user found');
|
logger.debug('no user found');
|
||||||
return done(null, false, {message: 'Incorrect username or password.'});
|
return done(null, false, {message: 'Incorrect username or password.'});
|
||||||
}
|
}
|
||||||
if (!user.validPassword(password, user.password)) {
|
|
||||||
logger.debug('incorrect password');
|
|
||||||
return done(null, false, {message: 'Incorrect username or password.'});
|
|
||||||
}
|
|
||||||
logger.debug('user found:', user.dataValues);
|
logger.debug('user found:', user.dataValues);
|
||||||
userInfo['id'] = user.id;
|
logger.debug('...comparing password...');
|
||||||
userInfo['userName'] = user.userName;
|
return user.comparePassword(password, (passwordErr, isMatch) => {
|
||||||
// channel stuff
|
if (passwordErr) {
|
||||||
return user.getChannel()
|
logger.error('passwordErr:', passwordErr);
|
||||||
.then(channel => {
|
return done(passwordErr);
|
||||||
userInfo['channelName'] = channel.channelName;
|
}
|
||||||
userInfo['channelClaimId'] = channel.channelClaimId;
|
|
||||||
return db.getShortChannelIdFromLongChannelId(channel.channelClaimId, channel.channelName);
|
if (!isMatch) {
|
||||||
})
|
logger.debug('incorrect password');
|
||||||
.then(shortChannelId => {
|
return done(null, false, {message: 'Incorrect username or password.'});
|
||||||
userInfo['shortChannelId'] = shortChannelId;
|
}
|
||||||
return done(null, userInfo);
|
logger.debug('...password was a match...');
|
||||||
})
|
userInfo['id'] = user.id;
|
||||||
.catch(error => {
|
userInfo['userName'] = user.userName;
|
||||||
throw error;
|
// get the User's channel info
|
||||||
});
|
return user.getChannel()
|
||||||
|
.then(channel => {
|
||||||
|
userInfo['channelName'] = channel.channelName;
|
||||||
|
userInfo['channelClaimId'] = channel.channelClaimId;
|
||||||
|
return db.getShortChannelIdFromLongChannelId(channel.channelClaimId, channel.channelName);
|
||||||
|
})
|
||||||
|
.then(shortChannelId => {
|
||||||
|
userInfo['shortChannelId'] = shortChannelId;
|
||||||
|
return done(null, userInfo);
|
||||||
|
})
|
||||||
|
.catch(error => {
|
||||||
|
throw error;
|
||||||
|
});
|
||||||
|
});
|
||||||
})
|
})
|
||||||
.catch(error => {
|
.catch(error => {
|
||||||
return done(error);
|
return done(error);
|
||||||
|
|
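Review bot: The inner `.catch(error => { throw error; })` on the `user.getChannel()` chain now sits inside the `comparePassword` callback, so the rethrown error is no longer caught by the outer `.catch` and `done` is never called; a failed channel lookup would leave the login request hanging with an unhandled rejection. Replace it with `.catch(error => done(error));`. `comparePassword` as added in the model returns nothing, so `return user.comparePassword(...)` hands `undefined` to the outer chain, which is why the outer handler cannot see inner failures. Separately, the context line `logger.debug('user found:', user.dataValues);` will presumably now include the password hash in debug output; logging only `user.id` avoids that. The strategy callback starts and ends outside this hunk.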