beenull/tellform
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Add explicit SHA1 digest in crypto.pbkdf2 call

Browse source 
Signed-off-by: José Luis Di Biase <josx@interorganic.com.ar>
This commit is contained in:
José Luis Di Biase 2017-06-22 10:51:22 -03:00
parent d316e1d7c0
commit e764b716d0
1 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
app/models/user.server.model.js
View file

@ -156,13 +156,19 @@ UserSchema.virtual('password').get(function () {
* Create instance method for hashing a password
*/
UserSchema.methods.hashPassword = function(password) {
var encoding = 'base64';
var iterations = 10000;
var keylen = 128;
var size = 64;
var digest = 'SHA1';
//Generate salt if it doesn't exist yet
if(!this.salt){
this.salt = crypto.randomBytes(64).toString('base64');
this.salt = crypto.randomBytes(size).toString(encoding);
}
if (password) {
return crypto.pbkdf2Sync(password, new Buffer(this.salt, 'base64'), 10000, 128).toString('base64');
return crypto.pbkdf2Sync(password, new Buffer(this.salt, encoding), iterations, keylen, digest).toString(encoding);
} else {
return password;
}