How to use the bcrypt.compare function in bcrypt
To help you get started, we’ve selected a few bcrypt examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
peterjoseph / Reeve / server / services / passport.js View on Github 
async function LocalStrategyLoadUser(workspaceURL, emailAddress, password) {
// Load a client using a workspaceURL
const client = await models().client.findOne({ where: { workspaceURL: workspaceURL, active: true } });
// Load user based on provided values
const user = await models().user.findOne({ where: { clientId: client.get("id"), emailAddress: emailAddress, active: true } });
// Return false if client or user could not be loaded
if (client === null || user === null) {
return false;
}
// Validate the supplied user password
const valid = await bcrypt.compare(password, user.get("password"));
if (valid === false) {
return false;
}
// Generate a unique session id to store in the redis db and compare with the active token
const sessionId = await uuidv1();
// Create the JSON Web Token for the User
const token = await jwt.sign(
{
sessionId: sessionId,
userId: user.get("id"),
clientId: client.get("id"),
workspaceURL: client.get("workspaceURL")
},
config.authentication.jwtSecret,throw new Error(__('verify.token_generated', null, locale));
}
const user = await ooth.getUserById(userId);
if (!user) {
throw new Error(__('verify.no_user', null, locale));
}
const strategyValues: StrategyValues = user[name] as StrategyValues;
if (!strategyValues || !strategyValues.email) {
// No email to verify, but let's not leak this information
throw new Error(__('verify.no_email', null, locale));
}
if (!(await compare(token, strategyValues.verificationToken))) {
throw new Error(__('verify.invalid_token', null, locale));
}
if (!strategyValues.verificationTokenExpiresAt) {
throw new Error(__('verify.no_expiry', null, locale));
}
if (new Date() >= strategyValues.verificationTokenExpiresAt) {
throw new Error(__('verify.expired_token', null, locale));
}
await ooth.updateUser(name, user._id, {
verified: true,
verificationToken: null,
});.then(user => {
if (!user) {
res.status(400).json({ error: 'User not found' });
}
// Check password
bcrypt.compare(password, user.password)
.then(isMatch => {
if (isMatch) {
// User matched
// Creating payload
const payload = {
id: user.id,
username: user.username
}
// Sign token
jwt.sign(payload, secret, { expiresIn: 3600 * 24 }, (err, token) => {
if (err) throw err;
res.json({
success: true,
token: 'Bearer ' + token
});
});db.getAuth(normalizedUser, function(hash) {
if (hash) {
bcrypt.compare(req.body.pass, hash, function(err, r) {
if (r) req.session.user = normalizedUser;
res.writeHead(!r ? 401 : 200);
res.end();
});
} else {
// add user
bcrypt.genSalt(BCRYPT_ROUNDS, function(err, salt) {
if (err) return cb(err);
bcrypt.hash(req.body.pass, salt, function(err, hash) {
if (err) return cb(err);
db.addUser(normalizedUser, hash, function(err) {
if (!err) req.session.user = normalizedUser;
res.writeHead(err ? 401 : 200);
res.end();
});
});createToken: async (parent, { email, password }) => {
const user = await User.query().findOne({ email })
if (user && (await bcrypt.compare(password, user.password))) {
return jwt.sign({ sub: user.email }, 'shhhhhhared-secret')
}
throw new Error('Invalid email or password.')
},
addUser: async (parent, { name, email, password }) => {async validateUser(
username: string,
pass: string,
): Promise {
const user = await this.usersService.findOne(username);
if (user && compare(pass, user.password!)) {
return classToPlain(user) as User;
}
return undefined;
}wss.on('connection', async (socket) => {
if (!socket.current.session) {
return this.close('You need a valid session.', socket);
}
const channel = await m.channel.connect(socket.current);
if (channel.connectedUsers.length === channel.maxUsers) {
return this.close('This channel does not accept more users.', socket);
}
if (!channel.access.public) {
if (!socket.current.password) {
return this.close('This is a private channel; you need a password.', socket);
} else if (!(await bcrypt.compare(socket.current.password, channel.access.password))) {
return this.close('Your password does not match this channel\'s.', socket);
}
}
if (channel.connectedUsers.find(user => user.user === socket.current.user)) {
return this.close('This username is already in use in this channel.', socket);
}
channel.connectedUsers.push(socket.current);
await channel.save();
this.send({
message: 'Welcome to the _:channel:_ channel!',
currentUsers: channel.connectedUsers
.map((user) => {
const current = user.user;
return current !== socket.current.user ? current : null;schema.methods.checkPassword = function(suppliedPassword) {
return bcrypt.compare(suppliedPassword, this.password);
};account_schema.methods.verify_password = function(password, callback) {
bcrypt.compare(password, this.password, callback);
};const isPasswordValid = async (p: string): Promise => {
const { password } = await User.findById(user, "password").lean();
const result = await bcrypt.compare(p, password);
return result;
};
