-->

Welcome to our Coding with python Page!!! hier you find various code with PHP, Python, AI, Cyber, etc ... Electricity, Energy, Nuclear Power

Thursday, 5 November 2020

Password Hashing with bcrypt (easiest explanation)

#node #javascript #react #angular #AI, #Analytics, #BigData, #CloudComputing, #DataScience, #DataScientist, #IoT, #Java, #JavaScript, #Linux, #MachineLearning, #Programming, #Python, #ReactJS, #RStats, #Serverless, #TensorFlow

We use bcrypt to hash our passwords. But how to use it? We generally do 2 basic things with bcrypt.

  • hash a password (I mean, when signing up, we hash the password input and then save this hashed password instead of the plain password on our database)

  • verify password (I mean, when logging in, compare the plain password input with the hashed password that we saved)

The SIMPLEST WAY TO USE BCRYPT

  • Hash a password
//it creates the hashed password. Save this hashedPassword on your DB
const hashedPassword = bcrypt.hashSync(yourPasswordFromSignupForm, bcrypt.genSaltSync());
Enter fullscreen mode Exit fullscreen mode

now save this hashedPassword on your Database.

  • Verify Password
const doesPasswordMatch = bcrypt.compareSync(yourPasswordFromLoginForm, yourHashedPassword)
Enter fullscreen mode Exit fullscreen mode

doesPasswordMatch is a bolean. If the passwords match, it'll be true, else false.

COMPLETE GUIDE FOR USING BCRYPT

First, type this on your terminal to install the bcryptjs package
npm install bcryptjs

Now we are ready to use it.

Step 0.

Create your user model. In this case we are going to keep it simple. our model will only have email and password fields.

Step 1 (USING BCRYPT TO SAVE HASHED PASSWORD ON DB FOR SIGN UP).

const router = require('express').Router();
const User = require('YOUR_USER_MODEL');


const bcrypt = require('bcryptjs')


router.post('/signup', async (req, res)=>{
  // these emailFromSignupForm and passwordFromSignupForm are coming from your frontend
  const { emailFromSignupForm, passwordFromSignupForm } = req.body;

 //creating a new user on our database
  const newUser = await User.create({
  email: emailFromSignupForm,
  hashedPassword: bcrypt.hashSync(passwordFromSignupForm, bcrypt.genSaltSync()),
});

//sending back the newUser to the frontEND
res.json(newUser);


})


module.exports = router;
Enter fullscreen mode Exit fullscreen mode

This is a demo code of how to use bcrypt to hash the password and save the hashed password.

Step 2 (USING BCRYPT TO COMPARE PASSWORDS FOR LOG IN).

const router = require('express').Router();
const User = require('YOUR_USER_MODEL');


const bcrypt = require('bcryptjs')


router.post('/login', async (req, res)=>{
  // these emailFromLoginForm and passwordFromLoginForm are coming from your frontend
  const { emailFromLoginpForm, passwordFromLoginForm } = req.body;

  //find a user from the database with your emailFromLoginForm
 const existingUser = await User.findOne({ email: emailFromLoginForm });

//if no user found
if(!existingUser) return res.json({ msg: `No account with this email found` })

//if the user is found, I mean if the user is on our database, compare the passwordFromLoginForm with the hashedPassword on our database to see if the passwords match (bcrypt will do this for us)
const doesPasswordMatch = bcrypt.compareSync(passwordFromLoginForm, existingUser.hashedPassword); //it wii give you a boolean, so the value of doesPasswordMatch will be a boolean

//if the passwords do not match
if(!doesPasswordMatch) return res.json({ msg: `Passwords did not match` });

//if the passwords match, send back the existingUser to the frontEND
res.json(existingUser);
}


})


module.exports = router;
Enter fullscreen mode Exit fullscreen mode

This is a demo code of how to use bcrypt to compare and verify passwordFromYourLoginForm with the hashedPassword saved on your Database.

This is ONLY a demo of how to use bcrypt. Hope it helps.

If you have any Questions or If you are stuck

Feel free to reach out to me. 

I'd LOVE to be your friend, feel FREE to reach out to me!!


If this blog was helpful to you,

PLEASE give a LIKE and share,

it'd mean a lot to me. Thanks

No comments:

Post a Comment

Thanks for your comments

Rank

seo