Closed jrans closed 5 years ago
@jrans a bcrypt hash is always different, which is what makes it strong.
see: https://github.com/nelsonic/bcrypt#faq
Which means we cannot compare two hashed passwords; we have to use bcrypt.compare, which takes the plaintext and existing (stored) hash as inputs.
see: https://github.com/ncb000gt/node.bcrypt.js/#to-check-a-password
@nelsonic Yes realise. Old description was quick and inaccurate, updated now though.
Passwords will be hashed using Argon2id
see: https://github.com/dwyl/fields/issues/13
After #52 we need to check password plain text against the hash in db with bcrypt.compare to confirm the login. Be nice to make this general and provide nice methods config object to be interpreted
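The salted-hash behaviour discussed in this thread, as an added example that is not code from the issue or the project: hashing the same password twice gives different strings, so login has to re-derive with the salt held in the stored hash. It uses Node's built-in scrypt in place of bcrypt so it runs without dependencies; the `scrypt$salt$key` storage format and the function names are assumptions made for the illustration.

```javascript
// Added example: scrypt from node:crypto stands in for bcrypt here.
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

const KEY_LEN = 32;  // derived key length in bytes (assumed parameter)
const SALT_LEN = 16; // random salt length in bytes (assumed parameter)

// Hash with a fresh random salt and store the salt beside the derived key,
// the same idea as a bcrypt hash string, which embeds its own salt.
function hashPassword(plaintext) {
  const salt = randomBytes(SALT_LEN);
  const key = scryptSync(plaintext, salt, KEY_LEN);
  return ['scrypt', salt.toString('base64'), key.toString('base64')].join('$');
}

// Broken check: re-hashing draws a new salt, so the strings never match,
// even for the correct password.
function naiveCompare(plaintext, stored) {
  return hashPassword(plaintext) === stored;
}

// Correct check: parse the stored salt, derive again with it, and compare
// the two keys in constant time.
function comparePassword(plaintext, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false;
  const salt = Buffer.from(parts[1], 'base64');
  const expected = Buffer.from(parts[2], 'base64');
  // timingSafeEqual throws on unequal lengths, so reject malformed input first.
  if (salt.length !== SALT_LEN || expected.length !== KEY_LEN) return false;
  const actual = scryptSync(plaintext, salt, KEY_LEN);
  return timingSafeEqual(actual, expected);
}

// Constructed sample password, for demonstration only.
const demoStored = hashPassword('correct horse battery staple');
console.log('naive match:  ', naiveCompare('correct horse battery staple', demoStored));
console.log('compare match:', comparePassword('correct horse battery staple', demoStored));
console.log('wrong password:', comparePassword('not the password', demoStored));
```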