Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/saintedlama/passport-local-authenticate

Encapsulates methods used to hash and verify user credentials for use in a passport-local strategy.
https://github.com/saintedlama/passport-local-authenticate

Last synced: 2 months ago
JSON representation

Encapsulates methods used to hash and verify user credentials for use in a passport-local strategy.

Host: GitHub
URL: https://github.com/saintedlama/passport-local-authenticate
Owner: saintedlama
License: mit
Created: 2015-04-10T10:14:31.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2023-06-21T18:06:10.000Z (over 1 year ago)
Last Synced: 2024-10-12T12:25:40.723Z (3 months ago)
Language: JavaScript
Size: 8.79 KB
Stars: 7
Watchers: 2
Forks: 6
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE.md

Awesome Lists containing this project

README

        # Passport-Local-Authenticate

Encapsulates methods used to hash and verify user credentials for use in a passport-local strategy. This simplifies building username and password login with [Passport](http://passportjs.org).

[![Build Status](https://travis-ci.org/saintedlama/passport-local-authenticate.png?branch=master)](https://travis-ci.org/saintedlama/passport-local-authenticate)

[![Coverage Status](https://coveralls.io/repos/github/saintedlama/passport-local-authenticate/badge.svg?branch=master)](https://coveralls.io/github/saintedlama/passport-local-authenticate?branch=master)

## Installation

    $ npm install passport-local-authenticate --save

## Usage

    var auth = require('passport-local-authenticate');

    auth.hash('password', function(err, hashed) {

      console.log(hashed.hash); // Hashed password

      console.log(hashed.salt); // Salt

    });

    auth.hash('password', function(err, hashed) {

      auth.verify('password', hashed, function(err, verified) {

        console.log(verified); // True, passwords match

      ));

    });

    auth.hash('password', function(err, hashed) {

      auth.verify('password2', hashed, function(err, verified) {

        console.log(verified); // False, passwords don't match

      ));

    });

**Attention** options.digestAlgorithm is set to 'SHA1' which is not considered too safe but was 

chosen for backward compatibility.

Future versions (major) will use some 'SHA-256' digest algorithm!

## Options

*Attention!* Changing any of the hashing options (saltlen, iterations or keylen) in a production environment will prevent that existing users to authenticate!

* saltlen: specifies the salt length in bytes. Default: 32

* iterations: specifies the number of iterations used in pbkdf2 hashing algorithm. Default: 25000

* keylen: specifies the length in byte of the generated key. Default: 512

* encoding: specifies the encoding the generated salt and hash will be stored in. Defaults to 'hex'.

* digestAlgorithm: digest algorith to use in pbkdf2. Valid values can be retrieved using crypto.getHashes().

    A popular choices is 'sha256' or 'sha512'.

    **Attention** Only working in node.js versions greater 0.10.  And in case your sitting on a 0.10 project consider an upgrade. Really! 

### Hash Algorithm

Passport-Local-Authenticate uses the pbkdf2 algorithm of the node crypto library. 

[Pbkdf2](http://en.wikipedia.org/wiki/PBKDF2) was chosen because platform independent

(in contrary to bcrypt). For every user a generated salt value is saved to make

rainbow table attacks even harder.

## License

Passport-Local-Authenticate is licenses under the [MIT license](http://opensource.org/licenses/MIT).