beenull/tellform
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge pull request #181 from Cambalab/avoid_deprecated_setup

Browse source 
Add explicit SHA1 digest in crypto.pbkdf2 call
This commit is contained in:
David Baldwynn 2017-07-05 14:57:43 -07:00 committed by GitHub
parent e6b9f83494 e764b716d0
commit 4d40074368
1 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
app/models/user.server.model.js
View file

@ -156,13 +156,19 @@ UserSchema.virtual('password').get(function () {
* Create instance method for hashing a password
*/
UserSchema.methods.hashPassword = function(password) {
var encoding = 'base64';
var iterations = 10000;
var keylen = 128;
var size = 64;
var digest = 'SHA1';
//Generate salt if it doesn't exist yet
if(!this.salt){
this.salt = crypto.randomBytes(64).toString('base64');
this.salt = crypto.randomBytes(size).toString(encoding);
}
if (password) {
return crypto.pbkdf2Sync(password, new Buffer(this.salt, 'base64'), 10000, 128).toString('base64');
return crypto.pbkdf2Sync(password, new Buffer(this.salt, encoding), iterations, keylen, digest).toString(encoding);
} else {
return password;
}