682b85a423
* Copyediting of challenge descriptions * Copyedited descriptions of Chai challenges * Update curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/clean-up-your-project-with-modules.english.md Co-authored-by: Shaun Hamilton <51722130+Sky020@users.noreply.github.com> * Update curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/create-new-middleware.english.md Co-authored-by: Shaun Hamilton <51722130+Sky020@users.noreply.github.com> * Update curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/implement-the-serialization-of-a-passport-user.english.md * Update curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/create-new-middleware.english.md Co-authored-by: Shaun Hamilton <51722130+Sky020@users.noreply.github.com> * Update curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/implementation-of-social-authentication.english.md Co-authored-by: Shaun Hamilton <51722130+Sky020@users.noreply.github.com> * Update curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/implementation-of-social-authentication.english.md Co-authored-by: Shaun Hamilton <51722130+Sky020@users.noreply.github.com> * Update curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/registration-of-new-users.english.md Co-authored-by: Shaun Hamilton <51722130+Sky020@users.noreply.github.com> * Update curriculum/challenges/english/06-quality-assurance/quality-assurance-and-testing-with-chai/test-for-truthiness.english.md Co-authored-by: Shaun Hamilton <51722130+Sky020@users.noreply.github.com> * Update curriculum/challenges/english/06-quality-assurance/quality-assurance-and-testing-with-chai/test-for-truthiness.english.md Co-authored-by: Shaun Hamilton <51722130+Sky020@users.noreply.github.com> * Update curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/how-to-use-passport-strategies.english.md Co-authored-by: Shaun Hamilton <51722130+Sky020@users.noreply.github.com> * Update curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/implement-the-serialization-of-a-passport-user.english.md Co-authored-by: Shaun Hamilton <51722130+Sky020@users.noreply.github.com> * Update curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/implementation-of-social-authentication-ii.english.md Co-authored-by: Shaun Hamilton <51722130+Sky020@users.noreply.github.com> * Update curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/clean-up-your-project-with-modules.english.md Co-authored-by: Manish Giri <manish.giri.me@gmail.com> * fix: added code tags Co-authored-by: Manish Giri <manish.giri.me@gmail.com> * fix: add code tag * fix: change to code tag * fix: change to code tags * fix: added code tags * fix: capitalize Passport * fix: added code tags * fix: added code tags * fix: added code tags * fix: added code tags * fix: added code tags * fix: added code tags * fix: added code tags * fix: added code tags * fix: added code tags Co-authored-by: Shaun Hamilton <51722130+Sky020@users.noreply.github.com> Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> Co-authored-by: Manish Giri <manish.giri.me@gmail.com> Co-authored-by: Randell Dawson <5313213+RandellDawson@users.noreply.github.com>
3.1 KiB
id, title, challengeType, forumTopicId
| id | title | challengeType | forumTopicId |
|---|---|---|---|
| 58a25c98f9fc0f352b528e7f | Hashing Your Passwords | 2 | 301553 |
Description
Going back to the information security section, you may remember that storing plaintext passwords is never okay. Now it is time to implement BCrypt to solve this issue.
Add BCrypt as a dependency, and require it in your server. You will need to handle hashing in 2 key areas: where you handle registering/saving a new account, and when you check to see that a password is correct on login.
Currently on our registration route, you insert a user's password into the database like so: password: req.body.password. An easy way to implement saving a hash instead is to add the following before your database logic const hash = bcrypt.hashSync(req.body.password, 12);, and replacing the req.body.password in the database saving with just password: hash.
Finally, on our authentication strategy, we check for the following in our code before completing the process: if (password !== user.password) { return done(null, false); }. After making the previous changes, now user.password is a hash. Before making a change to the existing code, notice how the statement is checking if the password is not equal then return non-authenticated. With this in mind, your code could look as follows to properly check the password entered against the hash:
if (!bcrypt.compareSync(password, user.password)) {
return done(null, false);
}
That is all it takes to implement one of the most important security features when you have to store passwords!
Submit your page when you think you've got it right. If you're running into errors, you can check out the project completed up to this point here.
Instructions
Tests
tests:
- text: BCrypt should be a dependency.
testString: getUserInput => $.get(getUserInput('url')+ '/_api/package.json') .then(data => { var packJson = JSON.parse(data); assert.property(packJson.dependencies, 'bcrypt', 'Your project should list "bcrypt" as a dependency'); }, xhr => { throw new Error(xhr.statusText); })
- text: BCrypt should be correctly required and implemented.
testString: getUserInput => $.get(getUserInput('url')+ '/_api/server.js') .then(data => { assert.match(data, /require.*("|')bcrypt\1/gi, 'You should have required bcrypt'); assert.match(data, /bcrypt.hashSync/gi, 'You should use hash the password in the registration'); assert.match(data, /bcrypt.compareSync/gi, 'You should compare the password to the hash in your strategy'); }, xhr => { throw new Error(xhr.statusText); })
Challenge Seed
Solution
/**
Backend challenges don't need solutions,
because they would need to be tested against a full working project.
Please check our contributing guidelines to learn more.
*/