UserSchema.pre('save', function(next){ if(!hash.isHashed(this.password)){ this.password = hash.generate(this.password); } if(!this.created_at){ this.created_at = new Date(); } this.updated_at = new Date(); next(); });
getMember(data.username, function(err, user){ if (_.isEmpty(user)) { // Password check if (!passwordHash.isHashed(data.password)) { data.password = passwordHash.generate(data.password); } else { data.password = data.password; } cfg.harpJSON.users.push(data); fs.writeFile(cfg.harpJSONPath, JSON.stringify(cfg.harpJSON, null, 2), function(err){ callback(err, null); }); } else { callback(new Error("Username already exists"), null); } });
User.pre('save', function(next) { var phash = require('password-hash'); if(this.password != '' && !phash.isHashed(this.password)) { this.password = phash.generate(this.password); } if(this.confirm_password) { delete this.confirm_password; } if(this.display_name == '') { this.display_name = this.username; } next(); });
getUser(username, function(user) { if (!user) { return done(null, false, { error: 'Invalid user/password' }); } user.loginAttempts = user.loginAttempts || []; var now = new Date().getTime(); user.loginAttempts.push(now); if (user.loginAttempts.length > settings.maxAttempts) { var then = user.loginAttempts.shift(); if (then > now - 60000) { return done(null, false, { error: 'Account locked' }); } } if (!passwordHash.isHashed(user.password)) { if (password != user.password) { return done(null, false, { error: 'Invalid user/password' }); } } else { if (!passwordHash.verify(password, user.password)) { return done(null, false, { error: 'Invalid user/password' }); } } user.loginAttempts = []; return done(null, user); });
DAL.users.getAllUsersWithPassword((err, resp) => { let length = resp.length; let i = 0; let promiseArr = []; for(; i < length; i++) { if (resp[i].password && !passwordHash.isHashed(resp[i].password)) { resp[i].password = passwordHash.generate(resp[i].password); promiseArr.push(modifyUser(resp[i])); } } Promise.all(promiseArr).then(function () { next(); }); function modifyUser(user) { return new Promise(function (resolve, reject) { DAL.users.updateUser(user._id, user, resolve); }); } });
function basic_auth(user, req, res, next) { // Basic HTTP authentication. Returns true if the user authenticates, // false if not. All the user credentials have been parsed by Restify // and put in the req.authorization variable. var pw_in, ret_val; // Get username details and the password we've been fed. If we can't, // we've got an invalid username, it's access_denied() if (!user) { smfLog.debug('no user to authenticate'); return false; } // We allow hashed and cleartext passwords in the config file. Check // whichever one is relevant and authenticate like it's 1999. pw_in = req.authorization.basic.password; ret_val = (passwordHash.isHashed(user.password)) ? passwordHash.verify(pw_in, user.password) : (pw_in === user.password); // Log what happened var u_log_obj = {user: user.name, authtype: 'basic'}; if (ret_val) { smfLog.debug(u_log_obj, 'user authenticated'); } else { smfLog.info(u_log_obj, 'user failed to authenticate'); } return ret_val; }
update: function (email, host, port, profileObject, callback) { var obj = this, password; var endPoint = config.endpoints.profile.replace('/profile', '').replace('{{userEmail}}', email); endPoint = endPoint.replace(/\{HOSTPROTO\}/g, host).replace(/\{SERVICEPORT\}/g, port); if (pwdhash.isHashed(profileObject.password)) { password = profileObject.password; } else { password = pwdhash.generate(profileObject.password); } obj.apiRequest({ uri: endPoint, method: 'PATCH', form: 'email=' + email.trim() + '&password='******'&firstname=' + profileObject.firstname.trim() + '&lastname=' + profileObject.lastname.trim() + '&addresses=' + JSON.stringify(profileObject.addresses) + '&preferences=' + JSON.stringify(profileObject.preferences) }, function (err, response, bodyContent) { var success = true; if (err) { success = false; } callback(success); }); },