Wiredcraft / carcass

A toolbox for Node.js.
http://wiredcraft.com/carcass/
MIT License

Added password hashing to examples/auth/user model. #18. #21

ViciousPotato closed 11 years ago

ViciousPotato commented 11 years ago

Also

makara commented 11 years ago

Hi @xufeng123,

Can you review this and provide your ideas?

I'm not sure about 2 things:

fraserxu commented 11 years ago

Hi @makara ,

Truth be told, I noticed your mail the day you sent it, and I've been reading your code these days. But I just can't completely understand your code structure and the logic behind it. Also, I'm not sure what your questions are and cannot figure out how to show you my ideas. Sorry for that. Would you offer me some suggestions for better understanding your code? I'd appreciate it.

makara commented 11 years ago

The target of this ticket is to build a password hashing method for the example user, which will probably become a built-in tool at some point. The method is rather general and instead of looking into my code, which doesn't really help the target, I suggest you look into different open source tools and different materials about how to build it properly.

fraserxu commented 11 years ago

Hi @makara,

I've tried to find some password hashing tools on GitHub and Google, and found that passportjs & node-password-hash are quite useful and convenient for me to achieve that. So I read their code and combined these two tools into one small demo project.

Since I'm new to GitHub and don't know how to make a pull request and merge my code with others, I built a new repo on my own account named passport-hash-auth. I'm not sure this is the correct answer; please offer me some help. Thanks for that.

makara commented 11 years ago

@xufeng123,

Looks good. Please send me another pull request which:

makara commented 11 years ago

@Alexandre-Strzelewicz

Can you review the commits and the above comments and provide your opinions? Thanks.

makara commented 11 years ago

@xufeng123

You still don't have your answer about this.password()? Could you figure it out by yourself?

fraserxu commented 11 years ago

@makara
I think I've got the idea here. crypto.createHash(algorithm) just creates and returns a hash object here, and then the update() method hashes the content with the given this.password() but not the original password. What digest does here is to return the final 'message' according to the given encoding method (e.g. base64). So, at the end, this.password() needs to be called again to really update the password with the sha(hashed password) here.
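
The createHash, update, digest sequence described in the comment above, shown next to a salted scrypt variant from Node's built-in crypto module. This is an added example, not part of the thread or of the carcass code base; the function names, the sha256 default and the `scrypt$<salt>$<key>` record format are assumptions made for the example.

```javascript
const crypto = require('crypto');

// The flow from the comment: createHash() returns a hash object, update()
// feeds it the password, digest() returns the result in the chosen encoding.
// The algorithm default is an assumption; the thread only says "sha".
function shaDigest(password, algorithm = 'sha256', encoding = 'base64') {
  return crypto.createHash(algorithm).update(password).digest(encoding);
}

// Salted, deliberately slow alternative using crypto.scryptSync.
// Record format (constructed for this example): scrypt$<salt b64>$<key b64>
function hashPassword(password) {
  const salt = crypto.randomBytes(16); // fresh random salt per password
  const key = crypto.scryptSync(password, salt, 32);
  return ['scrypt', salt.toString('base64'), key.toString('base64')].join('$');
}

// Re-derive the key with the stored salt and compare in constant time.
function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false;
  const salt = Buffer.from(parts[1], 'base64');
  const expected = Buffer.from(parts[2], 'base64');
  if (salt.length === 0 || expected.length === 0) return false;
  const actual = crypto.scryptSync(password, salt, expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed sample input: two users who picked the same password.
function demo() {
  const pw = 'correct horse battery staple';
  const a = hashPassword(pw);
  const b = hashPassword(pw);
  return {
    // A plain digest is identical for both users, so equal passwords are
    // visible in the user store and one precomputed table covers everyone.
    plainDigestsEqual: shaDigest(pw) === shaDigest(pw),
    // Salted records differ even though the password is the same.
    saltedRecordsEqual: a === b,
    verifies: verifyPassword(pw, a) && verifyPassword(pw, b),
    rejectsWrong: !verifyPassword('wrong password', a),
  };
}

console.log(demo());
```
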

makara commented 11 years ago

Thanks all. Closing.