
Added lib.security.password lib

no issue

- move password hashing and password comparison to lib/security/password
- added two unit tests
- FYI: password hashing takes ~100ms
  - we could probably mock password hashing in certain cases when unit testing
This commit is contained in:
kirrg001 2018-02-15 21:13:04 +01:00
parent c6a95c6478
commit 2b76d7a492
4 changed files with 44 additions and 16 deletions


@ -15,5 +15,9 @@ module.exports = {
get identifier() {
return require('./identifier');
},
get password() {
return require('./password');
}
};


@ -0,0 +1,18 @@
'use strict';
module.exports.hash = function hash(plainPassword) {
const bcrypt = require('bcryptjs'),
bcryptGenSalt = Promise.promisify(bcrypt.genSalt),
bcryptHash = Promise.promisify(bcrypt.hash);
return bcryptGenSalt().then(function (salt) {
return bcryptHash(plainPassword, salt);
});
};
module.exports.compare = function compare(plainPassword, hashedPassword) {
const bcrypt = require('bcryptjs'),
bcryptCompare = Promise.promisify(bcrypt.compare);
return bcryptCompare(plainPassword, hashedPassword);
};
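Review bot: `Promise.promisify` (the bcryptjs wrappers on the `bcryptGenSalt`/`bcryptHash`/`bcryptCompare` lines) is a Bluebird API, yet this new module never requires bluebird, so it only works if something at startup has replaced the global `Promise` with Bluebird — a dependency that is invisible from this file and that the user model hunk, which keeps its own `Promise = require('bluebird')`, does not suggest. Add `const Promise = require('bluebird');` at the top so the module is self-contained and cannot fail with `Promise.promisify is not a function` under a native Promise. Separately, `bcryptGenSalt()` is called with no cost factor, so the work factor is whatever bcryptjs defaults to; pinning it, e.g. `const SALT_ROUNDS = 10;` and `bcryptGenSalt(SALT_ROUNDS)`, keeps the cost reviewable and lets it be raised deliberately later. A short header comment stating that bcrypt only considers the first 72 bytes of the input would also help callers that accept long passphrases.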


@ -1,6 +1,5 @@
var _ = require('lodash'),
Promise = require('bluebird'),
bcrypt = require('bcryptjs'),
validator = require('validator'),
ObjectId = require('bson-objectid'),
ghostBookshelf = require('./base'),
@ -10,10 +9,6 @@ var _ = require('lodash'),
imageLib = require('../lib/image'),
pipeline = require('../lib/promise/pipeline'),
validation = require('../data/validation'),
bcryptGenSalt = Promise.promisify(bcrypt.genSalt),
bcryptHash = Promise.promisify(bcrypt.hash),
bcryptCompare = Promise.promisify(bcrypt.compare),
activeStates = ['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4'],
/**
* inactive: owner user before blog setup, suspended users
@ -24,15 +19,6 @@ var _ = require('lodash'),
User,
Users;
/**
* generate a random salt and then hash the password with that salt
*/
function generatePasswordHash(password) {
return bcryptGenSalt().then(function (salt) {
return bcryptHash(password, salt);
});
}
User = ghostBookshelf.Model.extend({
tableName: 'users',
@ -173,7 +159,7 @@ User = ghostBookshelf.Model.extend({
}
tasks.hashPassword = (function hashPassword() {
return generatePasswordHash(self.get('password'))
return security.password.hash(self.get('password'))
.then(function (hash) {
self.set('password', hash);
});
@ -728,7 +714,7 @@ User = ghostBookshelf.Model.extend({
}));
}
return bcryptCompare(plainPassword, hashedPassword)
return security.password.compare(plainPassword, hashedPassword)
.then(function (matched) {
if (matched) {
return;
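Review bot: The new call sites `security.password.hash(self.get('password'))` and `security.password.compare(plainPassword, hashedPassword)` reference a `security` binding, but none of this file's hunks adds `security = require('../lib/security')` to the require list that the first hunk edits; unless it is already declared further down that list outside the hunk, both call sites throw a ReferenceError at runtime (only when a password is hashed or checked) rather than at load time. Worth confirming, and if it is missing add `security = require('../lib/security'),` next to the other `../lib/...` requires. Both enclosing functions (`hashPassword` and the one containing the compare call) start and end outside the hunks.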


@ -0,0 +1,20 @@
'use strict';
const should = require('should'), // jshint ignore:line
security = require('../../../../server/lib/security');
describe('Lib: Security - Password', function () {
it('hash plain password', function () {
return security.password.hash('test')
.then(function (hash) {
hash.should.match(/^\$2[ayb]\$.{56}$/);
});
});
it('compare password', function () {
return security.password.compare('test', '$2a$10$we16f8rpbrFZ34xWj0/ZC.LTPUux8ler7bcdTs5qIleN6srRHhilG')
.then(function (valid) {
valid.should.be.true;
});
});
});
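Review bot: The compare test only covers the matching case; a `compare` implementation that always resolves `true` would pass this suite, so a second case asserting that a wrong password resolves `false` is needed. Add an `it('compare password - mismatch', ...)` that calls `security.password.compare('wrong', <the same fixture hash>)` and asserts `valid.should.be.false`. The regex on the hash assertion pins the `$2[ayb]$` prefix and 60-character total length, which is a good format check but says nothing about the cost factor; if the library makes its rounds explicit, matching the rounds field here as well would catch an accidental downgrade.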