dwyl / abase

:house: A (solid) Base for your Web Application.

Password Authentication with db #53

Closed jrans closed 5 years ago

jrans commented 7 years ago

After #52 we need to check password plain text against the hash in db with bcrypt.compare to confirm the login. Be nice to make this general and provide nice methods config object to be interpreted

nelsonic commented 7 years ago

@jrans a bcrypt hash is always different, which is what makes it strong. see: https://github.com/nelsonic/bcrypt#faq

Which means we cannot compare two hashed passwords, we have to use bcrypt.compare which takes the plaintext and existing (stored) hash as inputs. see: https://github.com/ncb000gt/node.bcrypt.js/#to-check-a-password
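The point made in the comment above, as an added example that is not part of the original thread or the abase code base: it uses Node's built-in scrypt in place of bcrypt so it runs without third-party packages, and the names `hashPassword`, `verifyPassword` and `naiveCompare` and the `scrypt$salt$key` record layout are assumptions made for the illustration.

```javascript
// Added illustration: salted password hashing with Node's built-in scrypt,
// standing in for bcrypt (the mechanism shown is the same: per-hash random salt).
const nodeCrypto = require('crypto');

const KEY_LEN = 32; // derived key length in bytes (constructed parameter)

// Hash a password with a fresh random salt. The salt is stored inside the
// returned record, as bcrypt does inside its own hash string.
function hashPassword(plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const key = nodeCrypto.scryptSync(String(plaintext), salt, KEY_LEN);
  return ['scrypt', salt.toString('hex'), key.toString('hex')].join('$');
}

// Counterpart of bcrypt.compare(plaintext, storedHash): re-derive the key
// using the salt from the stored record, then compare in constant time.
function verifyPassword(plaintext, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false;
  const salt = Buffer.from(parts[1], 'hex');
  const expected = Buffer.from(parts[2], 'hex');
  // Reject malformed or truncated records before comparing.
  if (salt.length === 0 || expected.length !== KEY_LEN) return false;
  const actual = nodeCrypto.scryptSync(String(plaintext), salt, KEY_LEN);
  return nodeCrypto.timingSafeEqual(actual, expected);
}

// The approach that cannot work: hash the login attempt again and compare
// the two hash strings. The new random salt makes them differ every time.
function naiveCompare(plaintext, stored) {
  return hashPassword(plaintext) === stored;
}

const stored = hashPassword('correct horse battery staple'); // constructed sample
console.log('naive re-hash match:', naiveCompare('correct horse battery staple', stored));
console.log('verify, right password:', verifyPassword('correct horse battery staple', stored));
console.log('verify, wrong password:', verifyPassword('wrong password', stored));
```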

jrans commented 7 years ago

@nelsonic Yes realise. Old description was quick and inaccurate, updated now though.

nelsonic commented 5 years ago

Passwords will be hashed using Argon2id see: https://github.com/dwyl/fields/issues/13