verify(value1: string, value2: string): boolean {
if (!value1 && !value2) return true; // both values null or undefined
if (!value1 || !value2) return false; // one value null or undefined
// both values are hashed or both values are unhashed
if ((passwordHash.isHashed(value1) && passwordHash.isHashed(value2)) ||
(!passwordHash.isHashed(value1) && !passwordHash.isHashed(value2)))
{
return value1 === value2;
}
// Only value2 is hashed
if (!passwordHash.isHashed(value1) && passwordHash.isHashed(value2))
return passwordHash.verify(value1, value2);
// Only value1 is hashed
return passwordHash.verify(value2, value1);
}
model.Users.findOne({ email: req.body.email}, (err, user) => {
if (err) {
return res.status(404).json({
title: 'An error ocurred',
error: err
});
}
if (!user) {
return res.status(404).json({
title: 'No user found',
error: { message: "can't find the user" }
});
}
if (!passwordHash.verify(req.body.password, user.password)) {
return res.status(404).json({
title: "Can't signin",
error: { message: "Invalid password"}
});
}
var token = jwt.sign({ user: user}, Config.SUPER_SECRET,
{ expiresIn: TWO_MONTHS })
res.status(200).json({ message: 'Success', token: token})
})
'use strict';
import {generate, verify, isHashed} from 'password-hash';
let password = '******';
let hashed: string;
hashed = generate(password);
hashed = generate(password, {algorithm: 'sha256'});
hashed = generate(password, {saltLength: 10});
hashed = generate(password, {iterations: 11});
hashed = generate(password, {algorithm: 'sha512', saltLength: 9, iterations: 11});
let isOk: boolean;
isOk = verify(password, hashed);
isOk = isHashed(password);
it('getHashedValue() hashes the password', () => {
let hashedPassword = service.getHashedValue('myPa$$word')
expect(passwordHash.verify('wrongPa$$word', hashedPassword)).toBeFalsy();
expect(passwordHash.verify('myPa$$word', hashedPassword)).toBeTruthy();
})