bookshelf-secure-password
A Bookshelf.js plugin for securely handling passwords.
Features
- Securely store passwords in the database using BCrypt with ease.
- Minimal setup required: just install the module, and make a `password_digest` column in the database!
- Follows current password-storage guidance, using a BCrypt cost factor of 12 (2^12 key-expansion rounds).
- Inspired by and similar to `has_secure_password` in Ruby on Rails.
Installation
```shell
yarn add bookshelf-secure-password
```
or
```shell
npm install bookshelf-secure-password --save
```
Usage
- Enable the plugin in your Bookshelf setup:

```javascript
const bookshelf = require('bookshelf')(knex) // `knex` is your configured Knex instance
const securePassword = require('bookshelf-secure-password')

bookshelf.plugin(securePassword)
```

- Add `hasSecurePassword` to the model(s) which require a secure password:

```javascript
const User = bookshelf.Model.extend({
  tableName: 'users', // table name assumed for this example
  hasSecurePassword: true
})
```

By default, this will use the database column named `password_digest`. To use a different column, simply change `true` to be the column name. For example:

```javascript
const User = bookshelf.Model.extend({
  tableName: 'users',
  hasSecurePassword: 'password_hash' // example column name; use the column your schema defines
})
```

- Now, when you set a password and save the record, it will be hashed into `password_digest`:

```javascript
user = new User({ password: 'testing' })
user.get('password')        // => undefined (virtual field, never persisted)
user.get('password_digest') // => undefined (not yet hashed)
user.save()                 // password_digest is populated with the BCrypt hash
```

- To authenticate against the password, simply call the instance method `authenticate`, which returns a `Promise` resolving to the authenticated Model (and rejected when the password does not match):

```javascript
user.authenticate('testing')
  .then(function (user) {
    // password matched: `user` is the authenticated model
  })
  .catch(function (err) {
    // password did not match
  })
```
Example
```javascript
const bookshelf = require('bookshelf')(knex)
const securePassword = require('bookshelf-secure-password')

bookshelf.plugin(securePassword)

const User = bookshelf.Model.extend({
  tableName: 'users', // table name assumed for this example
  hasSecurePassword: true
})

/**
 * Sign up a new user.
 *
 * @returns {Promise} resolves to the saved User, rejected on a database error
 */
function signUp (email, password) {
  let user = new User({ email: email, password: password })
  return user.save()
}

/**
 * Sign in with a given email, password combination
 *
 * @returns {Promise} resolves to the authenticated User, rejected if the email
 *   is unknown or the password does not match
 */
function signIn (email, password) {
  return User.forge({ email: email })
    .fetch({ require: true })
    .then(function (user) {
      return user.authenticate(password)
    })
}
```

Note that in `signIn` an unknown email is rejected by `fetch({ require: true })` before `authenticate` ever runs a BCrypt comparison, so the two failure paths differ in timing and in the error they carry. Map both to the same generic "invalid credentials" response at the HTTP boundary rather than surfacing the distinction to the caller.
Notes
- BCrypt only uses the first 72 bytes of the password and silently ignores the rest. The limit is bytes, not characters: multi-byte UTF-8 characters count for more than one, and two passwords that share their first 72 bytes verify as equal. Enforce a maximum length before saving if this matters to you.
- This library enables the built-in `virtuals` plugin on Bookshelf for the virtual `password` field.
- Passing a `null` value to the password will clear the `password_digest`.
- Passing `undefined` or a zero-length string to the password will leave the `password_digest` as-is.
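As an added example (not code from bookshelf-secure-password itself), the following Node.js snippet turns the three notes above into a pre-save policy check that you could call from a Bookshelf `saving` hook before the plugin hashes the value. It classifies the value handed to the virtual `password` field according to the semantics described (`null` clears, `undefined`/empty leaves the digest alone, a string sets it) and measures string input in UTF-8 bytes, since BCrypt's 72 limit is bytes, not characters. The helper names `classifyPassword`, `checkPasswordBytes`, `passwordPolicy`, the `allowClear` option, the treatment of non-string values as invalid, and the sample inputs are all assumptions made here; the hook wiring itself is not shown.

```javascript
'use strict'

// Added example, not part of bookshelf-secure-password. Helper names and the
// policy decisions below are assumptions for illustration.

const BCRYPT_MAX_BYTES = 72 // bcrypt silently ignores input past this point

// Map the value handed to the `password` virtual onto the documented behaviour.
function classifyPassword (value) {
  if (value === null) return 'clear'                          // password_digest would be set to null
  if (value === undefined || value === '') return 'unchanged' // password_digest left as-is
  if (typeof value !== 'string') return 'invalid'             // our own choice: refuse non-strings
  return 'set'
}

// BCrypt's limit is 72 *bytes*: UTF-8 multi-byte characters reach it sooner
// than String.length suggests, so measure the encoded length, not characters.
function checkPasswordBytes (value) {
  const bytes = Buffer.byteLength(value, 'utf8')
  return { ok: bytes <= BCRYPT_MAX_BYTES, bytes, chars: value.length }
}

// Decision a model `saving` hook (hypothetical wiring) could enforce before the
// plugin hashes the value. Returns { action, reason? } where action is one of
// 'set', 'unchanged', 'clear' or 'reject'.
function passwordPolicy (value, { allowClear = false } = {}) {
  const action = classifyPassword(value)
  if (action === 'invalid') {
    return { action: 'reject', reason: 'password must be a string' }
  }
  if (action === 'clear' && !allowClear) {
    // A null password removes the digest entirely; require explicit opt-in.
    return { action: 'reject', reason: 'clearing the password is not allowed' }
  }
  if (action === 'set') {
    const len = checkPasswordBytes(value)
    if (!len.ok) {
      return {
        action: 'reject',
        reason: `password is ${len.bytes} bytes; bcrypt only uses the first ${BCRYPT_MAX_BYTES}`
      }
    }
  }
  return { action }
}

// Constructed sample inputs, one per case from the Notes.
const samples = {
  ascii: 'correct horse battery staple',
  unset: undefined,
  empty: '',
  cleared: null,
  // 40 characters, but each 'é' is 2 bytes in UTF-8: 80 bytes > 72.
  accented: 'é'.repeat(40),
  // 73 ASCII bytes: bcrypt would ignore the last one.
  tooLong: 'a'.repeat(73)
}

// Run every sample through the policy and return the decisions keyed by name.
function runDemo () {
  const out = {}
  for (const [name, value] of Object.entries(samples)) {
    out[name] = passwordPolicy(value)
  }
  return out
}

console.log(runDemo())
```

The `accented` sample is the one worth remembering: it passes any character-count check under 72 yet exceeds BCrypt's input limit, so the last eight bytes of that password never influence the hash.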
Testing
To run the tests locally, simply run `yarn test` or `npm test`.