mongoose-pass
v1.0.3
Published
Adds a password field that gets hashed when updated
Downloads
10
Readme
mongoose-pass
Another mongoose password hashing module.
Usage
'use strict';
var mongoose = require('mongoose');
var Schema = mongoose.Schema;
var MySchema = new Schema({
username: {
type: String,
required: true,
index: {
unique: true
}
}
});
MySchema.plugin(require('mongoose-pass'));
MySchema.static('authenticate', function (username, password, cb) {
// Promise version
return User.findOne({username: username}).exec().then(function (user) {
if (!user) { return false; }
return user.authenticate(password);
});
// Callback version
User.findOne({username: username}, function (err, user) {
if (err) { return cb(err); }
if (!user) { return cb(null, false); }
user.authenticate(password, function (err, isMatch) {
if (err) { return cb(err); }
cb(null, isMatch);
});
});
});
To pass in options:
MySchema.plugin(require('mongoose-pass'), {
passwordPath: 'password',
authMethod: 'authenticate',
saltWorkFactor: 10
});
Note in the example above that it added an authenticate()
method. This method
is an instance method. Once you have a model, you call this method passing in
the tentative password as the first parameter. Now, you can either pass in a
callback as the second parameter, or it returns a promise. See examples of both
above.
Options
passwordPath
(String) - The path to add the password property to. Default:'password'
authMethod
(String) - The name of the instance method that authenticates a user by password. Default'authenticate'
saltWorkFactor
(Number) - The salt work factor used to hash the password. Increasing this number increases the amount of time it takes to hash a password. This is to keep up with Moore's law. Default10