nodebb/src/user/password.js

'use strict';

var async = require('async');
var nconf = require('nconf');

var db = require('../database');
var Password = require('../password');

module.exports = function (User) {
	User.hashPassword = function (password, callback) {
		if (!password) {
			return callback(null, password);
		}

		Password.hash(nconf.get('bcrypt_rounds') || 12, password, callback);
	};

	User.isPasswordCorrect = function (uid, password, callback) {
		password = password || '';
		var hashedPassword;
		async.waterfall([
			function (next) {
				db.getObjectField('user:' + uid, 'password', next);
			},
			function (_hashedPassword, next) {
				hashedPassword = _hashedPassword;
				if (!hashedPassword) {
					return callback(null, true);
				}

				User.isPasswordValid(password, 0, next);
			},
			function (next) {
				Password.compare(password, hashedPassword, next);
			},
		], function (err, ok) {
			if (err) {
				return callback(err);
			}

			// Delay return for incorrect current password
			setTimeout(function () {
				callback(null, ok);
			}, ok ? 0 : 2500);
		});
	};

	User.hasPassword = function (uid, callback) {
		db.getObjectField('user:' + uid, 'password', function (err, hashedPassword) {
			callback(err, !!hashedPassword);
		});
	};
};
closes #1637 10 years ago			`'use strict';`

closes #4041 9 years ago			`var async = require('async');`
closes #1637 10 years ago			`var nconf = require('nconf');`

			`var db = require('../database');`
			`var Password = require('../password');`

Fix space-before-function-paren linter rule 8 years ago			`module.exports = function (User) {`
			`User.hashPassword = function (password, callback) {`
closes #1637 10 years ago			`if (!password) {`
			`return callback(null, password);`
			`}`

			`Password.hash(nconf.get('bcrypt_rounds') \|\| 12, password, callback);`
			`};`

Fix space-before-function-paren linter rule 8 years ago			`User.isPasswordCorrect = function (uid, password, callback) {`
closes #4041 9 years ago			`password = password \|\| '';`
style changes 8 years ago			`var hashedPassword;`
closes #4041 9 years ago			`async.waterfall([`
			`function (next) {`
			`db.getObjectField('user:' + uid, 'password', next);`
			`},`
style changes 8 years ago			`function (_hashedPassword, next) {`
			`hashedPassword = _hashedPassword;`
closes #4041 9 years ago			`if (!hashedPassword) {`
closes #3993 9 years ago			`return callback(null, true);`
closes #4041 9 years ago			`}`
closes #3993 9 years ago
fixes #6415 7 years ago			`User.isPasswordValid(password, 0, next);`
style changes 8 years ago			`},`
			`function (next) {`
			`Password.compare(password, hashedPassword, next);`
ESlint comma-dangle 8 years ago			`},`
add brute-force protection for change password and email actions 7 years ago			`], function (err, ok) {`
			`if (err) {`
			`return callback(err);`
			`}`

			`// Delay return for incorrect current password`
			`setTimeout(function () {`
			`callback(null, ok);`
			`}, ok ? 0 : 2500);`
			`});`
closes #1637 10 years ago			`};`

Fix space-before-function-paren linter rule 8 years ago			`User.hasPassword = function (uid, callback) {`
			`db.getObjectField('user:' + uid, 'password', function (err, hashedPassword) {`
allow changing username if user has no password set, ie sso login 9 years ago			`callback(err, !!hashedPassword);`
			`});`
			`};`
ESlint eol-last 8 years ago			`};`