diff --git a/modules/users/server/models/user.server.model.js b/modules/users/server/models/user.server.model.js index 9be2a618ae..bcaff5d84b 100644 --- a/modules/users/server/models/user.server.model.js +++ b/modules/users/server/models/user.server.model.js @@ -107,7 +107,7 @@ var UserSchema = new Schema({ * Hook a pre save method to hash the password */ UserSchema.pre('save', function (next) { - if (this.password && this.isModified('password') && this.password.length > 6) { + if (this.password && this.isModified('password') && this.password.length >= 6) { this.salt = crypto.randomBytes(16).toString('base64'); this.password = this.hashPassword(this.password); } diff --git a/modules/users/tests/server/user.server.model.tests.js b/modules/users/tests/server/user.server.model.tests.js index 9479bc28f0..66890671c7 100644 --- a/modules/users/tests/server/user.server.model.tests.js +++ b/modules/users/tests/server/user.server.model.tests.js @@ -155,6 +155,33 @@ describe('User Model Unit Tests:', function () { }); + it('should not save the password in plain text', function (done) { + var _user = new User(user); + var passwordBeforeSave = _user.password; + _user.save(function (err) { + should.not.exist(err); + _user.password.should.not.equal(passwordBeforeSave); + _user.remove(function(err) { + should.not.exist(err); + done(); + }); + }); + }); + + it('should not save the password in plain text (6 char password)', function (done) { + var _user = new User(user); + _user.password = '123456'; + var passwordBeforeSave = _user.password; + _user.save(function (err) { + should.not.exist(err); + _user.password.should.not.equal(passwordBeforeSave); + _user.remove(function(err) { + should.not.exist(err); + done(); + }); + }); + }); + describe("User E-mail Validation Tests", function() { it('should not allow invalid email address - "123"', function (done) { var _user = new User(user);