added bcrypt to encrypt passwords in db

bill bittner 2017-10-29 17:10:37 -07:00
parent 671acec218
commit 436067150e
3 changed files with 65 additions and 23 deletions


@ -1,3 +1,7 @@
'use strict';
const bcrypt = require('bcrypt');
const logger = require('winston');
module.exports = (sequelize, { STRING }) => { module.exports = (sequelize, { STRING }) => {
const User = sequelize.define( const User = sequelize.define(
'User', 'User',
@ -20,10 +24,37 @@ module.exports = (sequelize, { STRING }) => {
User.hasOne(db.Channel); User.hasOne(db.Channel);
}; };
User.prototype.validPassword = (givenpassword, thispassword) => { User.prototype.comparePassword = function (password, callback) {
console.log(`${givenpassword} === ${thispassword}`); logger.debug(`User.prototype.comparePassword ${password} ${this.password}`);
return (givenpassword === thispassword); bcrypt.compare(password, this.password, callback);
}; };
// pre-save hook method to hash the user's password before the user's info is saved to the db.
User.hook('beforeCreate', (user, options) => {
logger.debug('...beforeCreate hook...');
return new Promise((resolve, reject) => {
// generate a salt string to use for hashing
bcrypt.genSalt((saltError, salt) => {
if (saltError) {
logger.error('salt error', saltError);
reject(saltError);
return;
}
// generate a hashed version of the user's password
bcrypt.hash(user.password, salt, (hashError, hash) => {
// if there is an error with the hash generation return the error
if (hashError) {
logger.error('hash error', hashError);
reject(hashError);
return;
}
// replace the password string with the hash password value
user.password = hash;
resolve();
});
});
});
});
return User; return User;
}; };
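Review bot: The `logger.debug` call in `comparePassword` writes the submitted plaintext password and the stored bcrypt hash to the log on every login attempt, so anyone with log access gets the credentials the hashing is meant to protect; drop both values, e.g. `logger.debug('User.prototype.comparePassword');`. Hashing is also wired only to `beforeCreate`, so a password changed through a later update would, as far as this section shows, be saved as given; a `beforeUpdate` hook that hashes when `user.changed('password')` is true would close that gap. `bcrypt.genSalt` is called without a rounds argument, so the cost factor is whatever the library defaults to; passing it explicitly from configuration makes it reviewable and tunable.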


@ -27,6 +27,7 @@
"homepage": "https://github.com/lbryio/spee.ch#readme", "homepage": "https://github.com/lbryio/spee.ch#readme",
"dependencies": { "dependencies": {
"axios": "^0.16.1", "axios": "^0.16.1",
"bcrypt": "^1.0.3",
"body-parser": "^1.17.1", "body-parser": "^1.17.1",
"config": "^1.26.1", "config": "^1.26.1",
"connect-multiparty": "^2.0.0", "connect-multiparty": "^2.0.0",


@ -1,3 +1,4 @@
const PassportLocalStrategy = require('passport-local').Strategy; const PassportLocalStrategy = require('passport-local').Strategy;
const db = require('../models'); const db = require('../models');
const logger = require('winston'); const logger = require('winston');
@ -19,27 +20,36 @@ module.exports = new PassportLocalStrategy(
logger.debug('no user found'); logger.debug('no user found');
return done(null, false, {message: 'Incorrect username or password.'}); return done(null, false, {message: 'Incorrect username or password.'});
} }
if (!user.validPassword(password, user.password)) {
logger.debug('incorrect password');
return done(null, false, {message: 'Incorrect username or password.'});
}
logger.debug('user found:', user.dataValues); logger.debug('user found:', user.dataValues);
userInfo['id'] = user.id; logger.debug('...comparing password...');
userInfo['userName'] = user.userName; return user.comparePassword(password, (passwordErr, isMatch) => {
// channel stuff if (passwordErr) {
return user.getChannel() logger.error('passwordErr:', passwordErr);
.then(channel => { return done(passwordErr);
userInfo['channelName'] = channel.channelName; }
userInfo['channelClaimId'] = channel.channelClaimId;
return db.getShortChannelIdFromLongChannelId(channel.channelClaimId, channel.channelName); if (!isMatch) {
}) logger.debug('incorrect password');
.then(shortChannelId => { return done(null, false, {message: 'Incorrect username or password.'});
userInfo['shortChannelId'] = shortChannelId; }
return done(null, userInfo); logger.debug('...password was a match...');
}) userInfo['id'] = user.id;
.catch(error => { userInfo['userName'] = user.userName;
throw error; // get the User's channel info
}); return user.getChannel()
.then(channel => {
userInfo['channelName'] = channel.channelName;
userInfo['channelClaimId'] = channel.channelClaimId;
return db.getShortChannelIdFromLongChannelId(channel.channelClaimId, channel.channelName);
})
.then(shortChannelId => {
userInfo['shortChannelId'] = shortChannelId;
return done(null, userInfo);
})
.catch(error => {
throw error;
});
});
}) })
.catch(error => { .catch(error => {
return done(error); return done(error);