making a password-only auth with bcrypt and mongoose
- by user3081123
I want to create service that let you login only with password.
You type a password and if this password exists - you are logged in and if it's not - username is generated and password is encrypted.
I'm having some misunderstandings and hope someone would help me to show where I'm mistaken.
I guess, it would look somewhat like this in agularjs
First we receive a password in login controller.
$scope.signup = function() {
var user = {
password: $scope.password,
};
$http.post('/auth/signup', user);
};
Send it via http.post and get in in our node server file.
We are provided with a compare password bcrypt function
userSchema.methods.comparePassword = function(candidatePassword, cb) {
bcrypt.compare(candidatePassword, this.password, function(err, isMatch) {
if (err) return cb(err);
cb(null, isMatch);
});
};
So right now we are creating function to catch our http request
app.post('/auth/signup', function(req, res, next) {
Inside we use a compair password function to realize if such password exists or not yet. So we have to encrypt a password with bcrypt to make a comparison
First we hash it same way as in .pre
var encPass;
bcrypt.genSalt(10, function(err, salt) {
if (err) return next(err);
bcrypt.hash(req.body.password, salt, function(err, hash) {
if (err) return next(err);
encPass=hash;
)};
)};
We have encrypted password stored in encPass so now we follow to finding a user in database with this password
User.findOne({ password: encPass }, function(err, user) {
if (user) {
//user exists, it means we should pass an ID of this user to a controller to display it in a view. I don't know how.
res.send({user.name}) //like this? How should controller receive this? With $http.post?
} else {
and now if user doesn't exist - we should create it with user ID generated by my function
var nUser = new User({
name: generId(),
password: req.body.password
});
nUser.save(function(err) {
if (err) return next(err);
)};
)};
)};
Am I doing anything right? I'm pretty new to js and angular. If so - how do I throw a username back at controller?
If someone is interested - this service exists for 100+ symbol passphrases so possibility of entering same passphrase as someone else is miserable.
And yeah, If someone logged in under 123 password - the other guy will log in as same user if he entered 123 password, but hey, you are warned to make a big passphrase.
So I'm confident about the idea and I only need a help with understanding and realization.
