Add bcrypt encrypted passwords for local strategy

2026-01-23 02:34:58 +00:00 · 2020-10-16 19:51:54 +02:00 · 2020-10-16 19:51:54 +02:00 · 51a6873424
commit 51a6873424
parent a71e21fffc
4 changed files with 30 additions and 6 deletions
--- a/server/config/config.example.js
+++ b/server/config/config.example.js
@ -80,13 +80,24 @@ module.exports =
 			cert           : fs.readFileSync('config/federation_cert.pem', 'utf-8')
 		},

+		// to create password hash use: node server/utils/password_encode.js cleartextpassword
 		local :
 		{
 			users : [
-				{ id: 1, username: 'alice', password: 'alice-secret',
-					displayName: 'Alice', emails: [ { value: 'alice@atlanta.com' } ] },
-				{ id: 2, username: 'bob', password: 'bob-secret',
-					displayName: 'Bob', emails: [ { value: 'bob@biloxi.com' } ] }
+				{
+					id           : 1,
+					username     : 'alice',
+					passwordHash : '$2b$10$PAXXw.6cL3zJLd7ZX.AnL.sFg2nxjQPDmMmGSOQYIJSa0TrZ9azG6',
+					displayName  : 'Alice',
+					emails       : [ { value: 'alice@atlanta.com' } ]
+				},
+				{
+					id           : 2,
+					username     : 'bob',
+					passwordHash : '$2b$10$BzAkXcZ54JxhHTqCQcFn8.H6klY/G48t4jDBeTE2d2lZJk/.tvv0G',
+					displayName  : 'Bob',
+					emails       : [ { value: 'bob@biloxi.com' } ]
+				}
 			]
 		}
 	},
--- a/server/package.json
+++ b/server/package.json
@ -15,6 +15,7 @@
 		"awaitqueue": "^1.0.0",
 		"axios": "^0.19.2",
 		"base-64": "^0.1.0",
+		"bcrypt": "^5.0.0",
 		"body-parser": "^1.19.0",
 		"colors": "^1.4.0",
 		"compression": "^1.7.4",
--- a/server/server.js
+++ b/server/server.js
@ -2,6 +2,7 @@

 process.title = 'edumeet-server';

+const bcrypt = require('bcrypt');
 const config = require('./config/config');
 const fs = require('fs');
 const http = require('http');
@ -268,12 +269,13 @@ function setupSAML()
 function setupLocal()
 {
 	localStrategy = new LocalStrategy(
-		function(username, password, done)
+		function(username, plaintextPassword, done)
 		{
 			const found = config.auth.local.users.find((element) =>
 			{
 				// TODO use encrypted password
-				return element.username === username && element.password === password;
+				return element.username === username &&
+					bcrypt.compareSync(plaintextPassword, element.passwordHash);
 			});

 			if (found === undefined)
--- a/server/utils/password_encode.js
+++ b/server/utils/password_encode.js
@ -0,0 +1,10 @@
+const bcrypt = require('bcrypt');
+const saltRounds=10;
+
+if (process.argv.length == 3)
+{
+	const cleartextPassword = process.argv[2];
+
+	// eslint-disable-next-line no-console
+	console.log(bcrypt.hashSync(cleartextPassword, saltRounds));
+}