How to hash password before saving to db to be compatible with passport module (passport local)

I am using the passport-local strategy of passport for authentication. In my Express server, I am getting a register POST request and I should save the password to the db for a new user. But I need to hash the password before saving to the db.

But I am not sure how to hash it, since passport will authenticate the user by hashing the login password credential to match my hashed password from the db. How should I hash my passwords?

I am using this module.

passport-local does not hash your passwords - it passes the credentials to your verify callback for verification and you take care of handling the credentials. Thus, you can use any hash algorithm but I believe bcrypt is the most popular.

You hash the password in your register handler:

var bcrypt = require('bcrypt');

app.post('/register', function(req, res, next) {
  // Whatever verifications and checks you need to perform here
  // 10 is the bcrypt cost factor (salt rounds)
  bcrypt.genSalt(10, function(err, salt) {
    if (err) return next(err);
    bcrypt.hash(req.body.password, salt, function(err, hash) {
      if (err) return next(err);
      newUser.password = hash; // Or however suits your setup
      // Store the user to the database, then send the response
    });
  });
});

Then in your verify callback you compare the provided password to the hash:

var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;

passport.use(new LocalStrategy(function(username, password, cb) {
  // Locate user first here
  bcrypt.compare(password, user.password, function(err, res) {
    if (err) return cb(err);
    if (res === false) {
      return cb(null, false);
    } else {
      return cb(null, user);
    }
  });
}));
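
An added example, not part of the original answer: the same hash-at-registration, compare-in-verify flow in self-contained form. It swaps bcrypt for Node's built-in `crypto.scryptSync` so it runs without any packages; the in-memory `users` map and the helper names are assumptions for illustration.

```javascript
const crypto = require('crypto');

// Constructed in-memory store standing in for the database (assumption).
const users = new Map();

// Hash with a fresh random salt and keep "salt:hash" together,
// so the verify step can re-derive the hash from the stored salt.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 64);
  return salt.toString('hex') + ':' + hash.toString('hex');
}

// Re-derive with the stored salt and compare in constant time.
function checkPassword(password, stored) {
  const [saltHex, hashHex] = String(stored).split(':');
  if (!saltHex || !hashHex) return false; // malformed record never matches
  const expected = Buffer.from(hashHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// What the /register handler does before saving: only the hash is stored.
function registerUser(username, password) {
  if (users.has(username)) return false;
  users.set(username, { username: username, password: hashPassword(password) });
  return true;
}

// Same signature as the passport-local verify callback.
// With passport installed: passport.use(new LocalStrategy(verify));
function verify(username, password, cb) {
  const user = users.get(username);
  if (!user) return cb(null, false); // unknown user
  let ok;
  try {
    ok = checkPassword(password, user.password);
  } catch (err) {
    return cb(err); // hashing failure is an error, not a failed login
  }
  return cb(null, ok ? user : false);
}
```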

Have you tried this?

https://www.npmjs.com/package/passport-local-authenticate

var auth = require('passport-local-authenticate');

auth.hash('password', function(err, hashed) {
  console.log(hashed.hash); // Hashed password
  console.log(hashed.salt); // Salt
});

auth.hash('password', function(err, hashed) {
  auth.verify('password', hashed, function(err, verified) {
    console.log(verified); // True, passwords match
  });
});

auth.hash('password', function(err, hashed) {
  auth.verify('password2', hashed, function(err, verified) {
    console.log(verified); // False, passwords don't match
  });
});

Why should we go for a hashing algorithm, when passport already provided it for us? I mean we just need to plug in the passport-local-mongoose to our user schema like: UserSchema.plugin(passportLocalMongoose) and then, inside the register route we just tell the passportLocalMongoose to do the hashing for us by using:

User.register(new User({username: req.body.username}), req.body.password, function(err, newUser) {
    if (err) {
        // something (handle the registration error)
    } else {
        // something (registration succeeded)
    }
});

By doing the above we don't need to take care of hashing and it will be done for us. Please correct me if I am wrong or got your question wrong.
