Hashed password Before storing it to db, Login route added

UdacityMobileWebScholarship / guess-quote

This application is a collaborative project made by the Google Udacity Mobile Web Specialist Scholars.

MIT License

22 stars 48 forks source link

Hashed password Before storing it to db, Login route added #25

Closed sounak07 closed 6 years ago

sounak07 commented 6 years ago

Bcrypt js is used to hash.
UserSchema.pre(a mongoose middleware) is to hash the password before storing it to db.

sounak07 commented 6 years ago

@skyshader I have resolved all the issues but u also asked for compare password method but we need that while logging in a user, should write the login route as well along with all other changes..??

skyshader commented 6 years ago

Nope. Just keep a compare password method handy in the model. If you're hashing a password, there should also be a way to compare it.

skyshader commented 6 years ago

@sounak07 also, take care of the eslint violations because of previous PR :+1:

sounak07 commented 6 years ago

Once I hash the password I don't have access to the original password as I am setting the user.password = hashed password If I want to compare the password with hash I have to store the password in a variable before hashing but I don't know if that's a good practice... Please guide me on this @skyshader

skyshader commented 6 years ago

What you do typically is, given a password (which is not hashed) - hash it and compare with the hash stored in that user's model. But bcrypt gives a compare method to do the same.

Well, check this SO question: https://stackoverflow.com/questions/40076638/compare-passwords-bcryptjs