How to hash password before saving to db to be compatible with passport module (passport local)

遇见更好的自我 2020-12-15 10:04

I am using passport-local strategy of passport for authentication. In my express server, I am getting a register post request and I should save password to db for a new user

3 Answers
  • 2020-12-15 10:50

    Have you tried this?

    https://www.npmjs.com/package/passport-local-authenticate

    var auth = require('passport-local-authenticate');
    
    auth.hash('password', function(err, hashed) {
      console.log(hashed.hash); // Hashed password
      console.log(hashed.salt); // Salt
    });
    
    auth.hash('password', function(err, hashed) {
      auth.verify('password', hashed, function(err, verified) {
        console.log(verified); // True, passwords match
      });
    });
    
    auth.hash('password', function(err, hashed) {
      auth.verify('password2', hashed, function(err, verified) {
        console.log(verified); // False, passwords don't match
      });
    });
    
    0 Comments (0)
  • 2020-12-15 10:52

    Why should we go for a hashing algorithm when passport already provided it for us? I mean, we just need to plug passport-local-mongoose into our user schema, like: UserSchema.plugin(passportLocalMongoose), and then, inside the register route, we just tell passportLocalMongoose to do the hashing for us by using:

    User.register(new User({username: req.body.username}), req.body.password, function(err, newUser) {
        if (err) {
            // something: handle the registration error
        } else {
            // something: continue with newUser
        }
    });
    

    By doing the above, we don't need to take care of hashing and it will be done for us. Please correct me if I am wrong or got your question wrong.

    0 Comments (0)
  • 2020-12-15 11:00

    passport-local does not hash your passwords - it passes the credentials to your verify callback for verification and you take care of handling the credentials. Thus, you can use any hash algorithm but I believe bcrypt is the most popular.

    You hash the password in your register handler:

    var bcrypt = require('bcrypt');

    app.post('/register', function(req, res, next) {
      // Whatever verifications and checks you need to perform here
      bcrypt.genSalt(10, function(err, salt) {
        if (err) return next(err);
        bcrypt.hash(req.body.password, salt, function(err, hash) {
          if (err) return next(err);
          newUser.password = hash; // Or however suits your setup
          // Store the user to the database, then send the response
        });
      });
    });
    

    Then in your verify callback you compare the provided password to the hash:

    passport.use(new LocalStrategy(function(username, password, cb) {
      // Locate user first here
      bcrypt.compare(password, user.password, function(err, res) {
        if (err) return cb(err);
        if (res === false) {
          return cb(null, false);
        } else {
          return cb(null, user);
        }
      });
    }));
    
    0 Comments (0)
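
The register-then-verify flow from the last answer, as an added example that is not part of the original answers: it uses scrypt from Node's built-in crypto module in place of bcrypt so it runs without installing anything. The in-memory `users` map and all function names are assumptions standing in for your database and handlers.

```javascript
// Added example: scrypt from Node's standard library stands in for bcrypt.
const crypto = require('crypto');

const KEY_LEN = 64;
const users = new Map(); // constructed in-memory stand-in for the database

// Returns "salt:hash" (both hex) so the salt travels with the stored value.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  // scryptSync keeps the demo short; a server should use the async crypto.scrypt.
  const hash = crypto.scryptSync(password, salt, KEY_LEN);
  return salt.toString('hex') + ':' + hash.toString('hex');
}

function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected); // constant-time comparison
}

// What the /register handler does before saving the user.
function register(username, password) {
  if (users.has(username)) return false;
  users.set(username, { username, password: hashPassword(password) });
  return true;
}

// Dummy hash so an unknown username costs the same work as a wrong password.
const DUMMY = hashPassword('placeholder-never-used');

// Same signature as the verify callback handed to new LocalStrategy(...).
function verify(username, password, cb) {
  const user = users.get(username);
  let ok;
  try {
    ok = verifyPassword(password, user ? user.password : DUMMY);
  } catch (err) {
    return cb(err); // e.g. missing password or corrupt stored value
  }
  if (!user || !ok) return cb(null, false);
  return cb(null, { username: user.username }); // keep the hash out of the session
}
```
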