debug password hashing function

This commit is contained in:
Sorrel Bri 2020-01-15 20:04:55 -08:00 committed by sorrelbri
parent fea8c9035f
commit 16d5c97e3f
10 changed files with 26 additions and 25 deletions

View file

@ -14,6 +14,7 @@ import Room from './pages/Room/Room';
export const socket = socketIOClient(config.apiAddress); export const socket = socketIOClient(config.apiAddress);
function App() { function App() {
const [fetchData, setFetchData] = useState(); const [fetchData, setFetchData] = useState();
const [socketData, setSocketData] = useState(); const [socketData, setSocketData] = useState();
@ -32,7 +33,6 @@ function App() {
socket.on('connect_error', err => setError([...error, err])); socket.on('connect_error', err => setError([...error, err]));
socket.on('error', err => setError([...error, err])) socket.on('error', err => setError([...error, err]))
}) })
return ( return (
<Router> <Router>

View file

@ -10,18 +10,17 @@ const loginService = () => {
} }
const signupService = async (formData) => { const signupService = async (formData) => {
const response = await Axios.post(signupEndpoint, { const response = await Axios.post(signupEndpoint, {...formData })
...formData .then(res => {
}).then(res => {
return res; return res;
}).catch(err => { }).catch(err => {
console.log(err)
return err; return err;
}); });
console.log(response)
return response; return response;
} }
module.exports = { export default {
loginService, loginService,
signupService signupService
} }

View file

@ -6,15 +6,12 @@ const loginService = authServices.loginService;
const newUserFormData = { const newUserFormData = {
username:'newUser', username:'newUser',
password:'password', password:'password',
passwordConfirm:'password', confirmPassword:'password',
email:'user@example.com' email:'user@example.com'
} }
describe('signupService', () => { describe('signupService', () => {
it('signup returns 200', async () => { it('', () => {
const response = await signupService(newUserFormData);
console.log(response)
expect(response.status).equal('200');
}); });
}); });

View file

@ -13,13 +13,11 @@ const checkValidationErrors = (req, res) => {
} }
const signup = async (req, res, next) => { const signup = async (req, res, next) => {
checkValidationErrors(req, res); checkValidationErrors(req, res);
const user = req.body; const user = req.body;
try { try {
delete user.confirmPassword;
const hashedPassword = await hashPassword(user.password); const hashedPassword = await hashPassword(user.password);
const secureUser = { ...user, password: hashedPassword } const secureUser = { ...user, password: hashedPassword }
@ -28,12 +26,11 @@ const signup = async (req, res, next) => {
.insert(secureUser) .insert(secureUser)
.then(queryResults => { .then(queryResults => {
const newUser = queryResults[0]; const newUser = queryResults[0];
signToken(res, newUser); signToken(res, newUser).send('ok').status(201);
res.send('ok').status(200);
}) })
} }
catch (err) { catch (err) {
res.status(500).json(err) res.status(500).json(err);
} }
} }

View file

@ -5,6 +5,8 @@ const signupValidationRules = () => {
check('email', 'invalid email').normalizeEmail().isEmail(), check('email', 'invalid email').normalizeEmail().isEmail(),
check('username', 'invalid username').isString(), check('username', 'invalid username').isString(),
check('password', 'invalid password').isString().isLength({min: 8}), check('password', 'invalid password').isString().isLength({min: 8}),
check('confirmPassword', 'invalid password').isString()
.custom((confirmPassword, { req }) => confirmPassword === req.body.password),
sanitize('username').escape() sanitize('username').escape()
] ]
} }
@ -17,7 +19,7 @@ const loginValidationRules = () => {
} }
const validate = (req, res, next) => { const validate = (req, res, next) => {
const errors = validationResult(req) const errors = validationResult(req);
if (errors.isEmpty()) { if (errors.isEmpty()) {
return next() return next()
} }

View file

@ -19,8 +19,9 @@ const apiRouter = require('./routes/api');
const app = express(); const app = express();
const allowedOrigin = process.env.NODE_ENV === 'production' ? env.REACT_ADDRESS : '*';
const corsOptions = { const corsOptions = {
origin: process.env.REACT_ADDRESS origin: allowedOrigin
} }
app.options('*', cors(corsOptions)); app.options('*', cors(corsOptions));

View file

@ -1,12 +1,12 @@
const bcrypt = require('bcrypt'); const bcrypt = require('bcrypt');
require('dotenv').config(); require('dotenv').config();
const saltRounds = process.env.NODE_ENV === 'test' ? 5 : process.env.SALT_ROUNDS; const saltRounds = process.env.NODE_ENV === 'test' ? 5 : parseInt(process.env.SALT_ROUNDS);
const hashPassword = async (password) => { const hashPassword = async (password) => {
const hashedPassword = await new Promise((resolve, reject) => { const hashedPassword = await new Promise((resolve, reject) => {
bcrypt.hash(password, saltRounds, (err, hash) => { bcrypt.hash(password, saltRounds, (err, hash) => {
console.log(err)
if (err) reject(err) if (err) reject(err)
resolve(hash) resolve(hash)
}); });

View file

@ -2,8 +2,8 @@
module.exports = { module.exports = {
enableSocket: io => { enableSocket: io => {
io.on('connection', () => console.log('connected')) // io.on('connection', () => console.log('connected'))
io.on('connect', ()=> { io.on('connection', ()=> {
io.emit('connected', {message: 'socket connected'}); io.emit('connected', {message: 'socket connected'});
}) })

View file

@ -2,6 +2,7 @@ const authSignupSpec = (chai, knex, server) => {
const newUserFormData = { const newUserFormData = {
'username':'newUser', 'username':'newUser',
'password':'password', 'password':'password',
'confirmPassword':'password',
'email':'user@example.com' 'email':'user@example.com'
} }
const loginFormData = { const loginFormData = {

View file

@ -4,21 +4,25 @@ const authSignupSpec = (chai, knex, server) => {
const newUserFormData = { const newUserFormData = {
'username':'newUser', 'username':'newUser',
'password':'password', 'password':'password',
'confirmPassword':'password',
'email':'user@example.com' 'email':'user@example.com'
} }
const invalidEmailFormData = { const invalidEmailFormData = {
'username':'newUser', 'username':'newUser',
'email': 'useremail', 'email': 'useremail',
'password':'password' 'password':'password',
'confirmPassword':'password'
} }
const scriptInjectionFormData = { const scriptInjectionFormData = {
'username': '<script> alert("hello, there");</script>', 'username': '<script> alert("hello, there");</script>',
'password':'password', 'password':'password',
'confirmPassword':'password',
'email':'user@example.com' 'email':'user@example.com'
} }
const sqlInjectionFormData = { const sqlInjectionFormData = {
'username': '; DROP TABLE user;', 'username': '; DROP TABLE user;',
'password':'password', 'password':'password',
'confirmPassword':'password',
'email':'user@example.com' 'email':'user@example.com'
} }