From c823ce4da284f06e3c789831c44fc20d14b1456b Mon Sep 17 00:00:00 2001
From: Adrien Montfort
Date: Fri, 9 Sep 2016 16:33:58 +0200
Subject: [PATCH] chore: use bcrypt in social network example (#371)
---
 .../social-network/app/controllers/users.js | 2 +-
 examples/social-network/app/models/user.js | 11 +++------
 examples/social-network/app/utils/password.js | 24 +++++--------------
 .../migrate/2016051621371582-create-users.js | 3 ---
 examples/social-network/package.json | 3 ++-
 5 files changed, 12 insertions(+), 31 deletions(-)
diff --git a/examples/social-network/app/controllers/users.js b/examples/social-network/app/controllers/users.js
index d484e80e..e89aa92e 100644
--- a/examples/social-network/app/controllers/users.js
+++ b/examples/social-network/app/controllers/users.js
@@ -22,7 +22,7 @@ class UsersController extends Controller {
 const user = await User.findByEmail(email);
 if (user) {
- return user.authenticate(password);
+ return await user.authenticate(password);
 }
 }
 }
diff --git a/examples/social-network/app/models/user.js b/examples/social-network/app/models/user.js
index 93414f2b..8c5436ef 100644
--- a/examples/social-network/app/models/user.js
+++ b/examples/social-network/app/models/user.js
@@ -1,9 +1,8 @@
 import { Model } from 'lux-framework';
 import {
- generateSalt,
 encryptPassword,
- decryptPassword
+ comparePassword
 } from 'app/utils/password';
 class User extends Model {
@@ -42,11 +41,9 @@ class User extends Model {
 const { id, password, dirtyAttributes } = user;
 if ((typeof id !== 'number') && password || dirtyAttributes.has('password')) {
- const salt = generateSalt();
 Object.assign(user, {
- password: encryptPassword(password, salt),
- passwordSalt: salt
+ password: encryptPassword(password)
 });
 }
 }
@@ -67,9 +64,7 @@ class User extends Model {
 };
 authenticate(password) {
- const { password: encrypted, passwordSalt: salt } = this;
-
- return password === decryptPassword(encrypted, salt);
+ return comparePassword(password, this.password);
 }
 }
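Review bot: The import list in the first hunk of examples/social-network/app/models/user.js still names `encryptPassword`, but the rewritten app/utils/password.js in this same patch exports only `hashPassword` and `comparePassword`. The binding would therefore be undefined, and the `password: encryptPassword(password)` call in the second user.js hunk would throw when a user is saved. Import and call the new name, `import { hashPassword, comparePassword } from 'app/utils/password';`, or keep the old export name in password.js.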
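Review bot: In the second user.js hunk, `password: encryptPassword(password)` assigns the helper's return value directly, and the bcrypt-backed helper returns a promise because `hash` comes from bcrypt-as-promised. Unless the result is awaited, the password attribute is set to a Promise object rather than the hash string. The enclosing hook starts outside the hunk, so whether it is declared `async` cannot be seen here; if it is, the line should read `password: await hashPassword(password)`.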
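Review bot: `authenticate` in the last user.js hunk now returns a promise, and bcrypt-as-promised's `compare` rejects on a wrong password instead of resolving to `false`. A failed login therefore surfaces as an exception through `return await user.authenticate(password)` in controllers/users.js rather than as a falsy result. If the controller is meant to receive a boolean, catch only the library's mismatch error in `comparePassword` or `authenticate`, return `false` for it, and rethrow anything else so real failures are not reported as a bad password. A short doc comment on `authenticate` stating that it is asynchronous and how a mismatch is signalled would also help callers.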
diff --git a/examples/social-network/app/utils/password.js b/examples/social-network/app/utils/password.js
index 7821fba4..3aeac140 100644
--- a/examples/social-network/app/utils/password.js
+++ b/examples/social-network/app/utils/password.js
@@ -1,23 +1,11 @@
-import { randomBytes, createCipher, createDecipher } from 'crypto';
+import { hash, compare } from 'bcrypt-as-promised';
-export function generateSalt() {
- return randomBytes(16).toString('hex');
-}
-
-export function encryptPassword(str, secret) {
- let encrypted;
- const cipher = createCipher('aes-256-ctr', secret);
+const saltRounds = 10;
- encrypted = cipher.update(str, 'utf8', 'hex');
- encrypted += cipher.final('hex');
- return encrypted;
+export function hashPassword(password) {
+ return hash(password, saltRounds);
 }
-export function decryptPassword(hash, secret) {
- let decrypted;
- const decipher = createDecipher('aes-256-ctr', secret);
-
- decrypted = decipher.update(hash, 'hex', 'utf8');
- decrypted += decipher.final('utf8');
- return decrypted;
+export function comparePassword(password, hash) {
+ return compare(password, hash)
 }
diff --git a/examples/social-network/db/migrate/2016051621371582-create-users.js b/examples/social-network/db/migrate/2016051621371582-create-users.js
index e3169a83..eca7984a 100644
--- a/examples/social-network/db/migrate/2016051621371582-create-users.js
+++ b/examples/social-network/db/migrate/2016051621371582-create-users.js
@@ -14,9 +14,6 @@ export function up(schema) {
 table.string('password')
 .notNullable();
- table.string('password_salt')
- .notNullable();
-
 table.timestamps();
 table.index(['created_at', 'updated_at']);
 });
diff --git a/examples/social-network/package.json b/examples/social-network/package.json
index d4da8fb9..87d68841 100644
--- a/examples/social-network/package.json
+++ b/examples/social-network/package.json
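Review bot: In examples/social-network/app/utils/password.js, `saltRounds` and the two new helpers carry no comment on what callers need to know: both helpers return promises, the cost factor is fixed in code, and bcrypt only considers the first 72 bytes of the password. Suggest `// bcrypt cost factor (2^10 iterations); raise as hardware allows` above `const saltRounds = 10;`, plus a one-line JSDoc on `hashPassword` and `comparePassword` stating that they resolve asynchronously. `return compare(password, hash)` is also missing the trailing semicolon used in the rest of the file. Values stored by the removed AES-CTR code are not bcrypt hashes and will not verify with `compare`; that is presumably acceptable for an example database, but worth a line in the commit message.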
@@ -14,7 +14,8 @@
 "babel-preset-lux": "1.2.0",
 "knex": "0.11.10",
 "lux-framework": "1.0.0-rc.7",
- "sqlite3": "3.1.4"
+ "sqlite3": "3.1.4",
+ "bcrypt-as-promised": "1.1.0"
 },
 "devDependencies": {
 "faker": "3.1.0"