Closed francisli closed 8 months ago
Typically, I've used bcrypt for password hashing... @michaelyshih may have this in his branch already...
@francisli I want to test that bcrypt hashed the password properly. Except, the endpoint doesn't return the hashedpassword for security reasons and none of our endpoints return the user's password. How should I test the hashPassword? I thought of using Prisma to access the db directly to fetch the entire user but I couldn't find the instance of Fastify to do that? Am I missing something?
@javtran in your previous PR I just merged, I added some code to attach the prisma client to the test object, and modified the test so that it shows how it can be used...
If you pull the latest from dev into this branch, you can continue to use that implementation...
Right now, you're expecting the hashedPassword to be passed in to the user registration endpoint.
However, we should really do that on the server side. The client can pass in their initial password in plaintext (over HTTPS, of course), and then the server can hash that into hashedPassword. If possible, we should encapsulate the hashing and checking of passwords into the model itself.
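A sketch of the server-side approach discussed in this thread, as an added example that is not code from this repository or from any participant: a hypothetical `User` model hashes the plaintext on creation, exposes a check method, and never serializes the hash. Assumptions: Node's built-in scrypt stands in for bcrypt so the block runs without dependencies, and an in-memory `Map` stands in for the Prisma-backed table; `User`, `register`, and `users` are illustrative names.

```javascript
// Added example. scrypt is a stand-in for bcrypt here (assumption); with the
// bcrypt package these two helpers would wrap bcrypt.hash() and bcrypt.compare().
const crypto = require('node:crypto');

const KEY_LEN = 64;

function hashPassword(password) {
  const salt = crypto.randomBytes(16); // fresh salt per password
  const key = crypto.scryptSync(password, salt, KEY_LEN);
  return `scrypt$${salt.toString('hex')}$${key.toString('hex')}`;
}

function verifyPassword(password, stored) {
  const [scheme, saltHex, keyHex] = String(stored).split('$');
  if (scheme !== 'scrypt' || !saltHex || !keyHex) return false;
  const expected = Buffer.from(keyHex, 'hex');
  if (expected.length !== KEY_LEN) return false; // malformed record
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), KEY_LEN);
  return crypto.timingSafeEqual(actual, expected); // constant-time compare
}

// Hypothetical model: the plaintext never becomes a property of the object.
class User {
  constructor({ email, password }) {
    if (typeof password !== 'string' || password.length === 0) {
      throw new TypeError('password is required');
    }
    this.email = email;
    this.hashedPassword = hashPassword(password);
  }

  checkPassword(candidate) {
    return typeof candidate === 'string' &&
      verifyPassword(candidate, this.hashedPassword);
  }

  // API responses go through JSON.stringify, so the hash is dropped here.
  toJSON() {
    return { email: this.email };
  }
}

// Constructed in-memory stand-in for the users table.
const users = new Map();

// What a registration handler would do with the request body.
function register({ email, password }) {
  const user = new User({ email, password });
  users.set(email, user);
  return JSON.parse(JSON.stringify(user)); // shape the endpoint returns
}
```

A test can then read the stored record directly, as suggested above with the Prisma client on the test object, and assert that the stored value differs from the plaintext and that the model's check accepts it.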