diff --git a/app/models/user.js b/app/models/user.js
index daf9b2ad89..ca122265e1 100755
--- a/app/models/user.js
+++ b/app/models/user.js
@@ -4,6 +4,7 @@
 var mongoose = require('mongoose'),
 Schema = mongoose.Schema,
 crypto = require('crypto'),
+ scrypt = require('scrypt'),
 _ = require('underscore'),
 authTypes = ['github', 'twitter', 'facebook', 'google'];
@@ -17,7 +18,6 @@ var UserSchema = new Schema({
 username: String,
 provider: String,
 hashed_password: String,
- salt: String,
 facebook: {},
 twitter: {},
 github: {},
@@ -29,7 +29,6 @@ var UserSchema = new Schema({
 */
 UserSchema.virtual('password').set(function(password) {
 this._password = password;
- this.salt = this.makeSalt();
 this.hashed_password = this.encryptPassword(password);
 }).get(function() {
 return this._password;
@@ -92,18 +91,9 @@ UserSchema.methods = {
 * @api public
 */
 authenticate: function(plainText) {
- return this.encryptPassword(plainText) === this.hashed_password;
+ return scrypt.verifyHashSync(this.hashed_password, plainText);
 },
- /**
- * Make salt
- *
- * @return {String}
- * @api public
- */
- makeSalt: function() {
- return Math.round((new Date().valueOf() * Math.random())) + '';
- },
 /**
 * Encrypt password
@@ -114,8 +104,10 @@ UserSchema.methods = {
 */
 encryptPassword: function(password) {
 if (!password) return '';
- return crypto.createHmac('sha1', this.salt).update(password).digest('hex');
+ var maxtime = 0.1;
+ return scrypt.passwordHashSync(password, maxtime);
+ //return crypto.createHmac('sha1', this.salt).update(password).digest('hex');
 }
 };
-mongoose.model('User', UserSchema);
\ No newline at end of file
+mongoose.model('User', UserSchema);
diff --git a/package.json b/package.json
index 5c61090903..b6346bf82f 100755
--- a/package.json
+++ b/package.json
@@ -36,7 +36,8 @@
 "forever": "latest",
 "grunt": "latest",
 "grunt-cli": "latest",
- "grunt-bower-task": "latest"
+ "grunt-bower-task": "latest",
+ "scrypt": "latest"
 },
 "devDependencies": {
 "supertest": "latest",
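Review bot: Removing `salt: String` from the schema in the `@@ -17,7 +18,6 @@` hunk, together with the setter and `authenticate` changes in the later hunks, leaves no way to verify accounts whose `hashed_password` still holds the old hex HMAC-SHA1 digest, so existing local users would presumably fail login after deploy. Keep the field for now, e.g. `salt: String, // legacy: only set on accounts hashed before the scrypt switch`, and have `authenticate` check an old-format record with the previous HMAC once, then store a fresh scrypt hash and clear `salt` on success. If a forced password reset is the intended migration instead, state that in the commit message. The schema literal starts and ends outside this hunk.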
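Review bot: The new `authenticate` in the `@@ -92,18 +91,9 @@` hunk passes `this.hashed_password` to `scrypt.verifyHashSync` unconditionally, but that field is `''` whenever `encryptPassword` was given no password (it returns `''`) and may be unset for accounts created through the providers listed in `authTypes`. Whether the binding returns false or throws on a value that is not an scrypt hash is not visible here, so the method should fail closed on its own rather than rely on it. The surrounding `UserSchema.methods` object starts and ends outside the hunk.

```javascript
authenticate: function(plainText) {
    // No stored scrypt hash (provider-only account, empty password): reject
    // without calling into the native binding.
    if (!plainText || !this.hashed_password) return false;
    try {
        return scrypt.verifyHashSync(this.hashed_password, plainText) === true;
    } catch (err) {
        // Malformed or legacy hash: a failed login, never an unhandled exception.
        return false;
    }
},
```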
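Review bot: `scrypt.passwordHashSync(password, maxtime)` in `encryptPassword` (and `verifyHashSync` in `authenticate`) runs on the event loop, so with `maxtime = 0.1` each signup or login can hold up every other request for about that long, and the unauthenticated login route becomes a cheap way to exhaust the process. Rate-limit that route, and consider the module's callback-based variants if the installed version provides them; that would require the `password` virtual setter to stop hashing synchronously. Lift the work factor to a named constant, e.g. `var SCRYPT_MAXTIME = 0.1; // time budget scrypt may spend deriving one hash`, and delete the commented-out `//return crypto.createHmac(...)` line, which version control already preserves. The docblock above still says "Encrypt password" although the method now hashes; it begins outside this hunk.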
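Review bot: `"scrypt": "latest"` in the `@@ -36,7 +36,8 @@` hunk leaves the password-hashing dependency unpinned, so each install may resolve to a different release, and a major version that renames or drops `passwordHashSync`/`verifyHashSync` would break login with no change in this repository. Pin the exact version that was tested, `"scrypt": "<tested-version>"`, and commit a shrinkwrap or lock file so the resolved package is fixed as well. The neighbouring entries also use `latest`, but this one sits on the authentication path and is worth pinning first.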
@@ -47,4 +48,4 @@
 "grunt-concurrent": "latest",
 "grunt-mocha-test": "latest"
 }
-}
\ No newline at end of file
+}