From e82d37717bd504b2e7b4ae937cfd44cb2462e844 Mon Sep 17 00:00:00 2001 From: Florent Vilmart Date: Thu, 18 Aug 2016 18:20:55 -0400 Subject: [PATCH 1/3] Adds bcrypt native binding for better login performance --- package.json | 3 +++ src/password.js | 18 ++++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 8c06e42efb..e78ae4d98f 100644 --- a/package.json +++ b/package.json @@ -77,5 +77,8 @@ }, "bin": { "parse-server": "./bin/parse-server" + }, + "optionalDependencies": { + "bcrypt": "0.8.7" } } diff --git a/src/password.js b/src/password.js index a3eaa4bfb5..b2b03df01d 100644 --- a/src/password.js +++ b/src/password.js @@ -1,9 +1,8 @@ // Tools for encrypting and decrypting passwords. // Basically promise-friendly wrappers for bcrypt. var bcrypt = require('bcrypt-nodejs'); - // Returns a promise for a hashed password string. -function hash(password) { +var hash = function(password) { return new Promise(function(fulfill, reject) { bcrypt.hash(password, null, null, function(err, hashedPassword) { if (err) { @@ -15,6 +14,21 @@ function hash(password) { }); } +try { + bcrypt = require('bcrypt'); + hash = function(password) { + return new Promise(function(fulfill, reject) { + bcrypt.hash(password, 10,function(err, hashedPassword) { + if (err) { + reject(err); + } else { + fulfill(hashedPassword); + } + }); + }); + } +} catch(e) {} + // Returns a promise for whether this password compares to equal this // hashed password. function compare(password, hashedPassword) { From f0547ff61467da10d076fd1d81b9c0ed95d09107 Mon Sep 17 00:00:00 2001 From: Florent Vilmart Date: Fri, 19 Aug 2016 08:33:32 -0400 Subject: [PATCH 2/3] Swaps bcrypt-nodejs for bcryptjs as compatible with bcrypt native --- package.json | 3 ++- spec/Auth.spec.js | 13 ++++++++++++- src/password.js | 26 ++++++++------------------ 3 files changed, 22 insertions(+), 20 deletions(-) diff --git a/package.json b/package.json index e78ae4d98f..304c35bc5b 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ "license": "BSD-3-Clause", "dependencies": { "babel-polyfill": "6.13.0", - "bcrypt-nodejs": "0.0.3", + "bcryptjs": "^2.3.0", "body-parser": "1.15.2", "commander": "2.9.0", "deepcopy": "0.6.3", @@ -53,6 +53,7 @@ "babel-preset-es2015": "6.13.2", "babel-preset-stage-0": "6.5.0", "babel-register": "6.11.6", + "bcrypt-nodejs": "0.0.3", "cross-env": "2.0.0", "deep-diff": "0.3.4", "gaze": "1.1.1", diff --git a/spec/Auth.spec.js b/spec/Auth.spec.js index 0b19f4ca3a..14ed96bd7e 100644 --- a/spec/Auth.spec.js +++ b/spec/Auth.spec.js @@ -77,7 +77,18 @@ describe('Auth', () => { auth.getUserRoles() .then((roles) => expect(roles).toEqual([])) .then(() => done()); - }) + }); + + it('should properly handle bcrypt upgrade', (done) => { + var bcryptOriginal = require('bcrypt-nodejs'); + var bcryptNew = require('bcryptjs'); + bcryptOriginal.hash('my1Long:password', null, null, function(err, res) { + bcryptNew.compare('my1Long:password', res, function(err, res) { + expect(res).toBeTruthy(); + done(); + }) + }); + }); }); }); diff --git a/src/password.js b/src/password.js index b2b03df01d..f7365260df 100644 --- a/src/password.js +++ b/src/password.js @@ -1,10 +1,15 @@ // Tools for encrypting and decrypting passwords. // Basically promise-friendly wrappers for bcrypt. -var bcrypt = require('bcrypt-nodejs'); +var bcrypt = require('bcryptjs'); + +try { + bcrypt = require('bcrypt'); +} catch(e) {} + // Returns a promise for a hashed password string. -var hash = function(password) { +function hash(password) { return new Promise(function(fulfill, reject) { - bcrypt.hash(password, null, null, function(err, hashedPassword) { + bcrypt.hash(password, 10, function(err, hashedPassword) { if (err) { reject(err); } else { @@ -14,21 +19,6 @@ var hash = function(password) { }); } -try { - bcrypt = require('bcrypt'); - hash = function(password) { - return new Promise(function(fulfill, reject) { - bcrypt.hash(password, 10,function(err, hashedPassword) { - if (err) { - reject(err); - } else { - fulfill(hashedPassword); - } - }); - }); - } -} catch(e) {} - // Returns a promise for whether this password compares to equal this // hashed password. function compare(password, hashedPassword) { From 9f31d811d931fd4db30b559276216b2409689481 Mon Sep 17 00:00:00 2001 From: Florent Vilmart Date: Fri, 19 Aug 2016 11:29:46 -0400 Subject: [PATCH 3/3] Fixes package versions --- package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 304c35bc5b..641f2b716f 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ "license": "BSD-3-Clause", "dependencies": { "babel-polyfill": "6.13.0", - "bcryptjs": "^2.3.0", + "bcryptjs": "2.3.0", "body-parser": "1.15.2", "commander": "2.9.0", "deepcopy": "0.6.3", @@ -61,7 +61,7 @@ "jasmine": "2.4.1", "mongodb-runner": "3.3.2", "nodemon": "1.10.0", - "request-promise": "^4.1.1" + "request-promise": "4.1.1" }, "scripts": { "dev": "npm run build && node bin/dev",