node-express-boilerplate

Why doesn't the userModel contain the salt?

Open ThatBrianDude opened this issue 2 years ago • 1 comments

The user.fixture.js file includes a salt for the admin but it doesn't seem to be stored anywhere. Why not add the salt to the user model? It's solely for preventing rainbow table attacks, so there is no issue in storing it right next to the password.

Any reason for this?

ThatBrianDude, Mar 21 '22 09:03

Using bcrypt, the salt is stored as part of the hashed password.

```js
/**
 * Check if password matches the user's password
 * @param {string} password
 * @returns {Promise<boolean>}
 */
userSchema.methods.isPasswordMatch = async function (password) {
  const user = this;
  return bcrypt.compare(password, user.password);
};

userSchema.pre('save', async function (next) {
  const user = this;
  if (user.isModified('password')) {
    user.password = await bcrypt.hash(user.password, 8);
  }
  next();
});
```

trasherdk, Mar 27 '22 05:03
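The point made in the reply above, as an added example that is not part of the thread or the project's code: a bcrypt output string carries the version, cost and salt in front of the digest, which is why `bcrypt.compare` needs no separate salt field on the model. The function names and the sample string are assumptions made for illustration; the sample is constructed to be format-valid with cost 08 and is not the hash of any real password.

```javascript
// bcrypt string layout: $<version>$<cost>$<22-char salt><31-char digest>
// bcrypt uses its own base64 alphabet (not RFC 4648) and no padding.
const BCRYPT_ALPHABET =
  './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Decode bcrypt-flavoured base64 into raw bytes (22 chars -> 16 salt bytes).
function decodeBcryptBase64(text, byteLength) {
  const out = [];
  let acc = 0;
  let bits = 0;
  for (const ch of text) {
    const value = BCRYPT_ALPHABET.indexOf(ch);
    if (value < 0) throw new Error(`invalid bcrypt base64 character: ${ch}`);
    acc = (acc << 6) | value;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out.push((acc >> bits) & 0xff);
      acc &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(out.slice(0, byteLength));
}

// Split a stored password value into the fields bcrypt.compare reads back.
function parseBcryptHash(stored) {
  const m = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/
    .exec(stored);
  if (!m) throw new Error('not a bcrypt hash string');
  const [, version, cost, salt, digest] = m;
  return {
    version,                                 // algorithm revision, e.g. "2a"
    cost: Number(cost),                      // log2 of the work factor
    salt,                                    // per-user salt, encoded
    saltBytes: decodeBcryptBase64(salt, 16), // the 128-bit salt itself
    digest,                                  // the actual password hash
  };
}

// Constructed sample (format-valid only, not a real password hash).
const SAMPLE_HASH =
  '$2a$08$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234';

const parsed = parseBcryptHash(SAMPLE_HASH);
console.log(parsed.version, parsed.cost, parsed.salt,
  parsed.saltBytes.toString('hex'));
```

Running the same parser over a value read from the `password` field of a user document is a quick check that the column holds a salted bcrypt string at the expected cost rather than plaintext or an unsalted digest.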