diff --git a/README.md b/README.md
index 0bd0d383fd..f9ddde4dd2 100644
--- a/README.md
+++ b/README.md
@@ -3,9 +3,9 @@ ## Installation
-NodeBB is powered by Node.js with a Redis database. They must be installed prior in order for NodeBB to work.
+NodeBB is powered by Node.js with a Redis database. They must be installed prior in order for NodeBB to work. `build-essential` exposes the build environment for `bcrypt` compilation.
-    # apt-get install nodejs redis-server npm
+    # apt-get install nodejs redis-server npm build-essential
 Next, obtain all of the dependencies required by NodeBB:
diff --git a/package.json b/package.json
index 422246b90b..ade3d36f7c 100644
--- a/package.json
+++ b/package.json
@@ -24,7 +24,9 @@
     "passport-google-oauth": "0.1.5",
     "passport-facebook": "0.1.5",
     "less-middleware": "0.1.11",
-    "marked": "0.2.8"
+    "marked": "0.2.8",
+    "bcrypt": "0.7.5",
+    "node-gyp": "0.9.5"
   },
   "devDependencies": {},
   "optionalDependencies": {},
diff --git a/src/user.js b/src/user.js
index 0b4d22913b..9a7235266c 100644
--- a/src/user.js
+++ b/src/user.js
@@ -3,7 +3,8 @@ var config = require('../config.js'),
 	RDB = require('./redis.js'),
 	crypto = require('crypto'),
 	emailjs = require('emailjs'),
-	emailjsServer = emailjs.server.connect(config.mailer);
+	emailjsServer = emailjs.server.connect(config.mailer),
+	bcrypt = require('bcrypt');
 
 (function(User) {
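Review bot: `node-gyp` is added under `dependencies` next to `bcrypt`, but it is a build-time tool rather than something `src/` requires at runtime; npm bundles its own copy and invokes it for native addons such as `bcrypt`, so the extra entry presumably just installs a second copy without changing how `bcrypt` compiles. If it is wanted at all for reproducible builds it belongs in `devDependencies`, e.g. `"devDependencies": { "node-gyp": "0.9.5" }`, leaving `"bcrypt": "0.7.5"` as the only new runtime dependency. The `README.md` hunk already documents the `build-essential` requirement, which is the part that actually affects installation.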
@@ -95,30 +96,21 @@ var config = require('../config.js'),
 			}
 
 			RDB.get('uid:' + uid + ':password', function(user_password) {
-				if (password == user_password) {
-					// Start, replace, or extend a session
-					// RDB.get('sess:' + user.sessionID, function(session) {
-					// 	if (session !== user.sessionID) {
-					// 		RDB.set('sess:' + user.sessionID + ':uid', uid, 60*60*24*14);	// Login valid for two weeks
-					// 		RDB.set('uid:' + uid + ':session', user.sessionID, 60*60*24*14);
-					// 	} else {
-					// 		RDB.expire('sess:' + user.sessionID + ':uid', 60*60*24*14);	// Defer expiration to two weeks from now
-					// 		RDB.expire('uid:' + uid + ':session', 60*60*24*14);
-					// 	}
-					// });
-
-					next({
-						status: "ok",
-						user: {
-							uid: uid
-						}
-					});
-				} else {
-					next({
-						status: 'error',
-						message: 'invalid-password'
-					});
-				}
+				bcrypt.compare(password, user_password, function(err, res) {
+					if (res === true) {
+						next({
+							status: "ok",
+							user: {
+								uid: uid
+							}
+						});
+					} else {
+						next({
+							status: 'error',
+							message: 'invalid-password'
+						});
+					}
+				});
 			});
 		});
 	}
@@ -218,7 +210,13 @@ var config = require('../config.js'),
 			RDB.incr('global:next_user_id', function(uid) {
 				RDB.set('username:' + username + ':uid', uid);
 				RDB.set('uid:' + uid + ':username', username);
-				if (password) RDB.set('uid:' + uid + ':password', password);
+				if (password) {
+					bcrypt.genSalt(10, function(err, salt) {
+						bcrypt.hash(password, salt, function(err, hash) {
+							RDB.set('uid:' + uid + ':password', hash);
+						});
+					});
+				}
 				if (email) {
 					RDB.set('uid:' + uid + ':email', email);
 					RDB.set('email:' + email, uid);
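Review bot: The `err` argument of the new `bcrypt.compare` callback is never read, so a library failure (for instance when the value under `uid:<uid>:password` is not a bcrypt hash, or is null for an account created without a password) is reported to the caller as `invalid-password` and leaves no trace anywhere; keeping that response is the right outcome, but add `if (err) { console.log('bcrypt.compare failed for uid ' + uid + ': ' + err); }` ahead of the `res === true` check so operators can tell a broken record from a wrong password. A related gap: the removed branch compared `password == user_password` against the raw stored value, and the hunk below (`@@ -218,7 +210,13 @@`) hashes only the passwords of accounts created from now on, so any existing account whose password key still holds the plaintext value will fail `bcrypt.compare` after this commit; unless the Redis store is being reset, a one-time migration or an explicit re-hash step for legacy records is needed. The enclosing login function starts before this hunk.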
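Review bot: Neither the `genSalt` nor the `hash` callback in the new block checks `err`, so if salt generation or hashing fails the account is still created with its username and email keys but `uid:<uid>:password` is never written, and nothing records why; add `if (err) { console.log('password hashing failed for uid ' + uid + ': ' + err); return; }` as the first statement of each callback. The password write has also become asynchronous relative to the rest of the creation code: the `RDB.set` for the hash runs only after two bcrypt callbacks, so whatever completion callback follows this hunk (outside it) presumably fires before the hash is stored, and a login attempted immediately after registration could find no password yet — consider signalling completion from inside the `hash` callback instead. The work factor `10` is hard-coded; a named constant such as `var BCRYPT_ROUNDS = 10;` next to the `require` lines would make it adjustable in one place. The enclosing function ends outside this hunk.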