Skip to content

307 move password hashing to new auth file#309

Open
stephanie-xu wants to merge 4 commits intomainfrom
307-move-password-hashing-to-new-auth-file
Open

307 move password hashing to new auth file#309
stephanie-xu wants to merge 4 commits intomainfrom
307-move-password-hashing-to-new-auth-file

Conversation

@stephanie-xu
Copy link

@stephanie-xu stephanie-xu commented Mar 27, 2025

Pull Request

Brief Summary

  • Moved the password hashing and comparing into a new class Password in password.ts with 2 methods, and changed the relevant parts of userController to use the new class's static methods.

Questions / Considerations for the Future

  • not sure if the TODO listed in the comments (moving password hashing to frontend) will change this in the future

API Changes

-

Database Changes

-

New Tests

  • No tests added, the current tests cover all changed files

Closes #307

@stephanie-xu stephanie-xu requested review from a team as code owners March 27, 2025 00:56
ethanszeto
ethanszeto requested changes Apr 2, 2025
View reviewed changes
Copy link
Member

@ethanszeto ethanszeto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, just one extra thing that could be cool

app/auth/password.js
Comment on lines +20 to +23
static async hash(password) {
const encrypted = await bcrypt.hash(password, 10);
return encrypted;
}
Copy link
Member

@ethanszeto ethanszeto Apr 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe add random salting here:

The way the bcrypt works is that you get to define the "salting" you do (aka. random string). Right now we don't really generate a random salt, making the outcome predictable. Try to use genSalt in order to bolster the security of passwords

Copy link
Member

@ethanszeto ethanszeto Apr 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://heynode.com/blog/2020-04/salt-and-hash-passwords-bcrypt/
https://www.npmjs.com/package/bcrypt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ethanszeto ethanszeto ethanszeto requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Move password hashing to new auth file

3 participants

@stephanie-xu @ethanszeto @schen017