checkPassword = function (plain, encoded) {
'use strict';
var salted = encoded.substr(3, 8) + plain,
hex = crypto.sha256(salted);
return (encoded.substr(12) === hex);
};
var hashPassword = function (password) {
var salt = internal.genRandomAlphaNumbers(16);
return {
hash: crypto.sha256(salt + password),
salt: salt,
method: "sha256"
};
};
var encodePassword = function (password) {
var salt;
var encoded;
var random = crypto.rand();
if (random === undefined) {
random = "time:" + internal.time();
}
else {
random = "random:" + random;
}
salt = crypto.sha256(random);
salt = salt.substr(0,8);
encoded = "$1$" + salt + "$" + crypto.sha256(salt + password);
return encoded;
};
exports.isValid = function (user, password) {
var users = getStorage();
var previous = users.firstExample({ user: user });
if (previous === null || ! previous.active) {
return false;
}
var salted = previous.password.substr(3, 8) + password;
var hex = crypto.sha256(salted);
// penalize the call
internal.sleep(Math.random());
return (previous.password.substr(12) === hex);
};