iceddev / bcrypt-as-promised
Promises A+ version of bcrypt (exposing the `when` API)
License: MIT License
I like having a promise version of bcrypt, but I want to suggest an API change. The .compare() method should contain a boolean in the resolved promise indicating match/no match, and a rejected promise should be reserved for errors only.
In my app, I will take different actions if there is an error than if there is a mismatched password.
I would recommend changing the interface and bumping the version to 2, since this would be a breaking change.
During install, npm logs the notice:
warning bcrypt-as-promised > [email protected]: bcrypt < v2.0.0 is susceptible to bcrypt wrap-around bug. Upgrade to bcrypt >= v2.0.0 for improved support for newer bcrypt hashes
There's another security issue with a nested dependency, growl -> https://nodesecurity.io/advisories/146
The bcrypt package now supports promises:
with promises
bcrypt uses whatever Promise implementation is available in global.Promise. NodeJS >= 0.12 has a native Promise implementation built in. However, this should work in any Promises/A+ compliant implementation.
Async methods that accept a callback, return a Promise when callback is not specified if Promise support is available.

```javascript
bcrypt.hash(myPlaintextPassword, saltRounds).then(function(hash) {
  // Store hash in your password DB.
});
```
There also hasn't been an update to this package in 2 years. It's still getting a lot of downloads, which means a lot of vulnerabilities --- this package should either be upgraded or deprecated.
When attempting to install bcrypt-as-promised on a nodesource/trusty Docker container I get the following error:
npm WARN cannot run in wd [email protected] node-gyp rebuild (wd=/usr/src/app/node_modules/bcrypt-as-promised/node_modules/bcrypt)
Using bcrypt as normal works fine. I wonder if bcrypt just needs to be upgraded.
I have the following:
Node: 6.1.0
NPM: 3.8.1
Node-webkit: 0.12.3
Windows 7 x64
Visual Studio 2013
Here is my authenticate method:

```javascript
authenticate: function(login, password) {
  var bcrypt = require('bcrypt-as-promised');
  return User.findOne({where: {
    login: login,
  }}).then(function(user) {
    if(user === null) return false;
    return bcrypt.compare(password, user.password)
      .then(function() {
        return true; // password matches
      })
      .catch(function() {
        return false; // invalid password
      });
  });
},
```
Console tests are working fine but whenever I run node-webkit I get this error:
message: "Module version mismatch. Expected 43, got 48."
stack: "Error: Module version mismatch. Expected 43, got 48.
at Error (native)
at Module.load (module.js:346:32)
at Function.Module._load (module.js:301:12)
at Module.require (module.js:356:17)
at require (module.js:375:17)
at bindings (D:\Node\Project S\node_modules\bindings\bindings.js:76:44)
at Object.<anonymous> (D:\Node\Project S\node_modules\bcrypt\bcrypt.js:3:35)
at Module._compile (module.js:451:26
at Object.Module._extensions..js (module.js:469:10)
at Module.load (module.js:346:32)
at Function.Module._load (module.js:301:12)
at Module.require (module.js:356:17)
at require (module.js:375:17)
at Object.<anonymous> (D:\Node\Project S\node_modules\bcrypt-as-promised\index.js:5:14)
at Module._compile (module.js:451:26)
at Object.Module._extensions..js (module.js:469:10)"
I tried to rebuild and recompile the bcrypt module separately but no luck.
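
An added example, not code from this package or from any poster above: the API change requested in the first issue, applied to an authenticate method shaped like the one posted. A wrong password resolves to `false`, while an operational failure stays a rejection instead of being swallowed by a catch-all. All names (`MismatchError`, `toBooleanCompare`, `makeAuthenticate`, `findUser`, `stubCompare`) are hypothetical, and the stub stands in for a compare function that rejects on mismatch.

```javascript
// Added illustration. MismatchError, toBooleanCompare, makeAuthenticate,
// findUser and stubCompare are hypothetical names, not the package's API.
class MismatchError extends Error {}

// Adapt a compare() that rejects on mismatch into one that resolves
// true/false and rejects only for real failures.
function toBooleanCompare(rejectingCompare, isMismatch) {
  return function (password, hash) {
    return rejectingCompare(password, hash).then(
      function () { return true; },
      function (err) {
        if (isMismatch(err)) return false; // wrong password: a normal outcome
        throw err;                         // anything else stays a rejection
      }
    );
  };
}

// Same shape as the authenticate method in the thread, without the catch-all.
function makeAuthenticate(findUser, compare) {
  return function authenticate(login, password) {
    return findUser(login).then(function (user) {
      if (user === null) return false;
      return compare(password, user.password);
    });
  };
}

// Constructed sample data and a stub standing in for the hashing library.
const users = {
  alice: { password: 'hash-of-s3cret' },
  bob: { password: 'corrupt' }
};
function findUser(login) {
  return Promise.resolve(users[login] || null);
}
function stubCompare(password, hash) {
  if (hash === 'corrupt') return Promise.reject(new Error('invalid hash'));
  if ('hash-of-' + password === hash) return Promise.resolve();
  return Promise.reject(new MismatchError('invalid password'));
}

const authenticate = makeAuthenticate(
  findUser,
  toBooleanCompare(stubCompare, function (e) { return e instanceof MismatchError; })
);
```

With this split, the caller can log and alert on the rejected case (corrupt hash, database failure) separately from counting failed logins.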