making a password-only auth with bcrypt and mongoose

Posted by user3081123 on Stack Overflow See other posts from Stack Overflow or by user3081123
Published on 2014-08-24T16:02:39Z Indexed on 2014/08/24 16:20 UTC
Read the original article Hit count: 198

Filed under:
|
|
|
|

I want to create service that let you login only with password. You type a password and if this password exists - you are logged in and if it's not - username is generated and password is encrypted. I'm having some misunderstandings and hope someone would help me to show where I'm mistaken.

I guess, it would look somewhat like this in agularjs

First we receive a password in login controller.

$scope.signup = function() {
  var user = {
      password: $scope.password,
    };
    $http.post('/auth/signup', user);
  };

Send it via http.post and get in in our node server file.

We are provided with a compare password bcrypt function

userSchema.methods.comparePassword = function(candidatePassword, cb) {
  bcrypt.compare(candidatePassword, this.password, function(err, isMatch) {
    if (err) return cb(err);
    cb(null, isMatch);
  });
};

So right now we are creating function to catch our http request

app.post('/auth/signup', function(req, res, next) {

Inside we use a compair password function to realize if such password exists or not yet. So we have to encrypt a password with bcrypt to make a comparison First we hash it same way as in .pre

var encPass;
bcrypt.genSalt(10, function(err, salt) {
    if (err) return next(err);
    bcrypt.hash(req.body.password, salt, function(err, hash) {
      if (err) return next(err);
      encPass=hash;
    )};
)};

We have encrypted password stored in encPass so now we follow to finding a user in database with this password

     User.findOne({ password: encPass }, function(err, user) {
        if (user) {
         //user exists, it means we should pass an ID of this user to a controller to display it in a view. I don't know how.
      res.send({user.name}) //like this? How should controller receive this? With $http.post?
    } else {

and now if user doesn't exist - we should create it with user ID generated by my function

    var nUser = new User({ 
       name: generId(),
       password: req.body.password
    });
    nUser.save(function(err) {
      if (err) return next(err);
      )};
    )};
)};

Am I doing anything right? I'm pretty new to js and angular. If so - how do I throw a username back at controller?

If someone is interested - this service exists for 100+ symbol passphrases so possibility of entering same passphrase as someone else is miserable. And yeah, If someone logged in under 123 password - the other guy will log in as same user if he entered 123 password, but hey, you are warned to make a big passphrase. So I'm confident about the idea and I only need a help with understanding and realization.

© Stack Overflow or respective owner

Related posts about node.js

Related posts about angularjs