I am developing an application in which users are allowed o change their passwords.

我正在开发一个允许用户更改密码的应用程序。

I am using Node.js with mongoose and crypto.

我正在使用带有mongoose和crypto的Node.js。

In order to generate hashes for the passwords, I've hooked into model's pre('save') event. So basically when you use this:

为了生成密码的哈希,我已经迷上了模型的pre('save')事件。所以基本上当你使用它时:

var user = new User({password: '123'});
user.save(); // the password will be encrypted automatically

Having the ability to change the password, I need to find a way if the user has actually changed the password or modified any other fields. Example:

能够更改密码,我需要找到一种方法,如果用户实际更改了密码或修改了任何其他字段。例:

var user = User.findById('1234567', function(error, user){
     user.name = 'Hello';
     user.save(); // this will hash the password again, although it is not necessary
})

I am using Node.js's module called crypto to generate hash for passwords:

我使用Node.js的模块crypto为密码生成哈希:

crypto.pbkdf2(password, salt, 5000, 512, 'sha512', function(error, buffer){

        this.mixins.callback.call(callback, [error, buffer.toString('base64')]);

}.bind(this));

Is there a way to check if the password is already a hashed?
If not, I will generate the hash again.

有没有办法检查密码是否已经哈希?如果没有,我将再次生成哈希。

Thanks

1 个解决方案

#1

---