Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to hash password before saving to db to be compatible with passport module (passport local)

Tags:

javascript

node.js

passport.js

I am using passport-local strategy of passport for authentication. In my express server, I am getting a register post request and I should save password to db for a new user. But I need to hash the password before saving to db.

But I am not sure how to hash it, since passport will authenticate user by hashing the login password credential to match my hashed password from db. How should I hash my passwords ?

I am using this module.

like image 867
FurkanO Avatar asked Jun 07 '16 00:06

FurkanO

2 Answers

passport-local does not hash your passwords - it passes the credentials to your verify callback for verification and you take care of handling the credentials. Thus, you can use any hash algorithm but I believe bcrypt is the most popular.

You hash the password in your register handler:

app.post('/register', function(req, res, next) {
  // Whatever verifications and checks you need to perform here
  bcrypt.genSalt(10, function(err, salt) {
    if (err) return next(err);
    bcrypt.hash(req.body.password, salt, function(err, hash) {
      if (err) return next(err);
      newUser.password = hash; // Or however suits your setup
      // Store the user to the database, then send the response
    });
  });
});

Then in your verify callback you compare the provided password to the hash:

passport.use(new LocalStrategy(function(username, password, cb) {
  // Locate user first here
  bcrypt.compare(password, user.password, function(err, res) {
    if (err) return cb(err);
    if (res === false) {
      return cb(null, false);
    } else {
      return cb(null, user);
    }
  });
}));
like image 189
vesse Avatar answered Oct 15 '22 18:10

vesse

Why should we go for hashing algorithm, when passport already provided it for us? I mean we just need to plugin the passport-local-mongoose to our user schema like: UserSchema.plugin(passportLocalMongoose) and then, inside the register route we just tell the passportLocalMongoose to do the hashing for us by using: 

User.register(new User({username:req.body.username}), req.body.password,function(err,newUser)
{ 
    if(err){
        something
    }else{
        something
    }
)

By doing above we don't need to take care of hashing and it will be done for us. Please correct me if I am wrong or got your question wrong.

like image 29
jalil Avatar answered Oct 15 '22 17:10

jalil
Sign in to Comment

Related questions

How to center a span inside a TD?
AJAX success function not being called
How can I disable certain options with Select2 and remote data
Callback returns undefined with chrome.storage.sync.get
Angularjs UI Modal Forms
How do display a collapsible tree in AngularJS + Bootstrap
Pushing each word to an array
How is dart2js code faster than javascript?
Sails.js find multiple database entries by id
How to set ng-disabled inside directive
chrome.runtime.sendMessage in content script doesn't send message
How to add CSS Hack specifically for IE10?
MEANJS : 413 (Request Entity Too Large)
Router.use() requires middleware function but got a undefined
AngularJs: Passing Function Arguments Across Multiple Isolated Scopes with Angular Directives
How to get app in router files (in Node/Express app)
jQuery scrollTop() method not working
Run gulp with an arbitrary gulpfile name (not gulpfile.js)
How to add a custom Markdown function to SimpleMDE?
MUI - How to animate Card depth on hover?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!