debug password hashing function

Sorrel Bri 2020-01-15 20:04:55 -08:00 committed by sorrelbri
parent a7f1a16ba2
commit 86b23bdf44
10 changed files with 26 additions and 25 deletions


@ -14,6 +14,7 @@ import Room from './pages/Room/Room';
export const socket = socketIOClient(config.apiAddress);
function App() {
const [fetchData, setFetchData] = useState();
const [socketData, setSocketData] = useState();
@ -32,7 +33,6 @@ function App() {
socket.on('connect_error', err => setError([...error, err]));
socket.on('error', err => setError([...error, err]))
})
return (
<Router>


@ -10,18 +10,17 @@ const loginService = () => {
}
const signupService = async (formData) => {
const response = await Axios.post(signupEndpoint, {
...formData
}).then(res => {
const response = await Axios.post(signupEndpoint, {...formData })
.then(res => {
return res;
}).catch(err => {
console.log(err)
return err;
});
console.log(response)
return response;
}
module.exports = {
export default {
loginService,
signupService
}
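Review bot: The `.catch(err => { ... return err; })` in `signupService` turns a failed signup into a normally resolved value, so a caller cannot tell an error object from a response without inspecting its shape; rethrow instead, or return an explicit failure result. The rendered page does not show which of the two `console.log` calls survive the change, but any that remain should go: an Axios response or error carries the request config, which here includes the posted `password` and `confirmPassword`. Mixing `await` with `.then()` is also unnecessary; `const response = await Axios.post(signupEndpoint, { ...formData });` inside a `try` reads more directly.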


@ -6,15 +6,12 @@ const loginService = authServices.loginService;
const newUserFormData = {
username:'newUser',
password:'password',
passwordConfirm:'password',
confirmPassword:'password',
email:'user@example.com'
}
describe('signupService', () => {
it('signup returns 200', async () => {
const response = await signupService(newUserFormData);
console.log(response)
expect(response.status).equal('200');
it('', () => {
});
});
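Review bot: The replacement test `it('', () => {` has no name and no assertions, so the suite reports a pass while `signupService` appears to be no longer exercised at all. If the call cannot run without a live API, mark it pending with `it.skip('signup returns 200', ...)` or stub `Axios.post` so a status assertion stays in place. The earlier expectation compared `response.status` with the string `'200'`; when the test is restored, note that Axios reports the status as a number.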


@ -13,27 +13,24 @@ const checkValidationErrors = (req, res) => {
}
const signup = async (req, res, next) => {
checkValidationErrors(req, res);
const user = req.body;
try {
delete user.confirmPassword;
const hashedPassword = await hashPassword(user.password);
const secureUser = { ...user, password: hashedPassword }
knex('user')
.returning(['username', 'email'])
.insert(secureUser)
.then(queryResults => {
const newUser = queryResults[0];
signToken(res, newUser);
res.send('ok').status(200);
signToken(res, newUser).send('ok').status(201);
})
}
catch (err) {
res.status(500).json(err)
res.status(500).json(err);
}
}
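Review bot: The `knex('user')...insert(secureUser)` chain inside `signup` is neither awaited nor returned, so a rejected insert (for example a duplicate username) bypasses the surrounding `catch` and the request gets no response. Two smaller points sit on the same lines: `.send('ok').status(201)` sets the status after the response has been sent, so the client presumably still sees 200, and `{ ...user, password: hashedPassword }` passes every remaining `req.body` field to the insert, letting a client set columns the form never offers. `res.status(500).json(err)` can also hand database error detail to the caller. The sketch below awaits the insert, picks the three expected fields explicitly and returns a generic error body; it assumes `signToken` returns `res`, as the new chained call implies. The return value of `checkValidationErrors(req, res)` is ignored and its body starts outside the hunk, so whether the handler can continue after a validation failure should be confirmed there.

```javascript
const signup = async (req, res, next) => {
  // … unchanged: checkValidationErrors call …
  const { username, email, password } = req.body;
  try {
    const hashedPassword = await hashPassword(password);
    const [newUser] = await knex('user')
      .returning(['username', 'email'])
      .insert({ username, email, password: hashedPassword });
    signToken(res, newUser).status(201).send('ok');
  }
  catch (err) {
    console.error(err);
    res.status(500).json({ error: 'signup failed' });
  }
}
```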


@ -5,6 +5,8 @@ const signupValidationRules = () => {
check('email', 'invalid email').normalizeEmail().isEmail(),
check('username', 'invalid username').isString(),
check('password', 'invalid password').isString().isLength({min: 8}),
check('confirmPassword', 'invalid password').isString()
.custom((confirmPassword, { req }) => confirmPassword === req.body.password),
sanitize('username').escape()
]
}
@ -17,7 +19,7 @@ const loginValidationRules = () => {
}
const validate = (req, res, next) => {
const errors = validationResult(req)
const errors = validationResult(req);
if (errors.isEmpty()) {
return next()
}
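Review bot: The new `confirmPassword` rule reuses the message 'invalid password', so a mismatch is reported with the same text as a password that fails the length rule; a distinct message such as `check('confirmPassword', 'passwords do not match')` lets the client show the right field error. The `password` rule on the line above sets only `min: 8`; bcrypt implementations commonly ignore input beyond 72 bytes, so an upper bound like `isLength({min: 8, max: 72})` would keep accepted passwords within what is actually hashed. `signupValidationRules` begins before the first hunk and `validate` continues past the second.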


@ -19,8 +19,9 @@ const apiRouter = require('./routes/api');
const app = express();
const allowedOrigin = process.env.NODE_ENV === 'production' ? env.REACT_ADDRESS : '*';
const corsOptions = {
origin: process.env.REACT_ADDRESS
origin: allowedOrigin
}
app.options('*', cors(corsOptions));
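Review bot: `allowedOrigin` falls back to `'*'` whenever `NODE_ENV` is anything other than `'production'`, so a deployment that forgets to set the variable serves wildcard CORS. Defaulting to the configured origin and opting in to the wildcard is safer, e.g. `const allowedOrigin = process.env.NODE_ENV === 'development' ? '*' : process.env.REACT_ADDRESS;` (add the test environment to the condition if the suite needs it). The new line also reads `env.REACT_ADDRESS` where the line it replaces read `process.env.REACT_ADDRESS`; no `env` binding is visible in this hunk, so if none exists the production branch throws a ReferenceError at startup.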


@ -1,12 +1,12 @@
const bcrypt = require('bcrypt');
require('dotenv').config();
const saltRounds = process.env.NODE_ENV === 'test' ? 5 : process.env.SALT_ROUNDS;
const saltRounds = process.env.NODE_ENV === 'test' ? 5 : parseInt(process.env.SALT_ROUNDS);
const hashPassword = async (password) => {
const hashedPassword = await new Promise((resolve, reject) => {
bcrypt.hash(password, saltRounds, (err, hash) => {
console.log(err)
if (err) reject(err)
resolve(hash)
});
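Review bot: `parseInt(process.env.SALT_ROUNDS)` yields `NaN` when the variable is missing or not numeric, and nothing here checks the result before it reaches `bcrypt.hash`, so the work factor actually applied then depends on how the library treats `NaN`. Parse with an explicit radix, `const saltRounds = process.env.NODE_ENV === 'test' ? 5 : Number.parseInt(process.env.SALT_ROUNDS, 10);`, and throw at startup when `Number.isInteger(saltRounds)` is false. In the callback, `if (err) reject(err)` falls through to `resolve(hash)`; add a `return`, or drop the wrapper and `await bcrypt.hash(password, saltRounds)` directly. `hashPassword` continues past the end of the hunk.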


@ -2,8 +2,8 @@
module.exports = {
enableSocket: io => {
io.on('connection', () => console.log('connected'))
io.on('connect', ()=> {
// io.on('connection', () => console.log('connected'))
io.on('connection', ()=> {
io.emit('connected', {message: 'socket connected'});
})
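Review bot: The `'connection'` handler ignores the socket it is given and calls `io.emit('connected', ...)`, which broadcasts to every connected client each time one client joins. If the message is meant as an acknowledgement to the new client, use `io.on('connection', socket => { socket.emit('connected', {message: 'socket connected'}); })`. The commented-out `// io.on('connection', () => console.log('connected'))` line should be deleted rather than kept. `enableSocket` continues outside the hunk.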


@ -2,6 +2,7 @@ const authSignupSpec = (chai, knex, server) => {
const newUserFormData = {
'username':'newUser',
'password':'password',
'confirmPassword':'password',
'email':'user@example.com'
}
const loginFormData = {


@ -4,21 +4,25 @@ const authSignupSpec = (chai, knex, server) => {
const newUserFormData = {
'username':'newUser',
'password':'password',
'confirmPassword':'password',
'email':'user@example.com'
}
const invalidEmailFormData = {
'username':'newUser',
'email': 'useremail',
'password':'password'
'password':'password',
'confirmPassword':'password'
}
const scriptInjectionFormData = {
'username': '<script> alert("hello, there");</script>',
'password':'password',
'confirmPassword':'password',
'email':'user@example.com'
}
const sqlInjectionFormData = {
'username': '; DROP TABLE user;',
'password':'password',
'confirmPassword':'password',
'email':'user@example.com'
}