I am using passport-local strategy of passport for authentication. In my express server, I am getting a register post request and I should save password to db for a new user. But I need to hash the password before saving to db.
But I am not sure how to hash it, since passport will authenticate user by hashing the login password credential to match my hashed password from db. How should I hash my passwords ?
I am using this module.
passport-local
does not hash your passwords - it passes the credentials to your verify callback for verification and you take care of handling the credentials. Thus, you can use any hash algorithm but I believe bcrypt is the most popular.
You hash the password in your register handler:
app.post('/register', function(req, res, next) {
// Whatever verifications and checks you need to perform here
bcrypt.genSalt(10, function(err, salt) {
if (err) return next(err);
bcrypt.hash(req.body.password, salt, function(err, hash) {
if (err) return next(err);
newUser.password = hash; // Or however suits your setup
// Store the user to the database, then send the response
});
});
});
Then in your verify callback you compare the provided password to the hash:
passport.use(new LocalStrategy(function(username, password, cb) {
// Locate user first here
bcrypt.compare(password, user.password, function(err, res) {
if (err) return cb(err);
if (res === false) {
return cb(null, false);
} else {
return cb(null, user);
}
});
}));
Why should we go for hashing algorithm, when passport already provided it for us? I mean we just need to plugin the passport-local-mongoose to our user schema like: UserSchema.plugin(passportLocalMongoose)
and then, inside the register route we just tell the passportLocalMongoose
to do the hashing for us by using:
User.register(new User({username:req.body.username}), req.body.password,function(err,newUser)
{
if(err){
something
}else{
something
}
)
By doing above we don't need to take care of hashing and it will be done for us. Please correct me if I am wrong or got your question wrong.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With