venables / bookshelf-secure-password

Licence: MIT license
A Bookshelf.js plugin for handling secure passwords

Programming Languages

javascript
184084 projects - #8 most used programming language

Projects that are alternatives of or similar to bookshelf-secure-password

crypthash-net
CryptHash.NET is a .NET multi-target library to encrypt/decrypt/hash/encode/decode strings and files, with an optional .NET Core multiplatform console utility.
Stars: ✭ 33 (+37.5%)
Mutual labels:  password, hash, bcrypt
Password4j
Password4j is a user-friendly cryptographic library that supports Argon2, Bcrypt, Scrypt, PBKDF2 and various cryptographic hash functions.
Stars: ✭ 124 (+416.67%)
Mutual labels:  password, hash, bcrypt
BruteForce
A simple brute forcer written in GO for SHA1, SHA256, SHA512, MD5 and bcrypt
Stars: ✭ 49 (+104.17%)
Mutual labels:  password, hash, bcrypt
Upash
🔒Unified API for password hashing algorithms
Stars: ✭ 484 (+1916.67%)
Mutual labels:  password, secure, bcrypt
bcrypt
BCrypt is a password hashing function
Stars: ✭ 138 (+475%)
Mutual labels:  password, hash, bcrypt
password-dart
A set of high-level APIs over PointyCastle and CryptoUtils to hash and verify passwords securely.
Stars: ✭ 40 (+66.67%)
Mutual labels:  password, hash
secrets.clj
A library designed to generate cryptographically strong random numbers.
Stars: ✭ 64 (+166.67%)
Mutual labels:  password, secure
John
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
Stars: ✭ 5,656 (+23466.67%)
Mutual labels:  password, hash
Simple Scrypt
A convenience library for generating, comparing and inspecting password hashes using the scrypt KDF in Go 🔑
Stars: ✭ 168 (+600%)
Mutual labels:  password, hash
Unchained
Secure password hashers for Go compatible with Django
Stars: ✭ 46 (+91.67%)
Mutual labels:  password, bcrypt
Leaked
Leaked? 2.1 - A Checking tool for Hash codes, Passwords and Emails leaked
Stars: ✭ 184 (+666.67%)
Mutual labels:  password, hash
macos-receiver
A MacOS TabBar (StatusBar) application that securely receives one-time passwords (OTPs) that you tapped in Raivo for iOS.
Stars: ✭ 44 (+83.33%)
Mutual labels:  password, secure
FlashPaper
One-time encrypted password/secret sharing
Stars: ✭ 85 (+254.17%)
Mutual labels:  password, bcrypt
Hackers Tool Kit
It's a framework filled with a lot of options and hacking tools you use directly in the script, from brute forcing to payload making. I'm still adding more stuff. I now have another tool out called htkl-lite; it's hackers-tool-kit, just not as big and messy. To see updates, check my Instagram @tuf_unkn0wn, or if there are any problems, message me on Instagram.
Stars: ✭ 211 (+779.17%)
Mutual labels:  password, hash
LinuxHashCracker
🔨 Linux Hash Cracker
Stars: ✭ 19 (-20.83%)
Mutual labels:  password, hash
Dcipher Cli
🔓Crack hashes using online rainbow & lookup table attack services, right from your terminal.
Stars: ✭ 193 (+704.17%)
Mutual labels:  password, hash
Scrypt
A .NET implementation of scrypt password hash algorithm.
Stars: ✭ 90 (+275%)
Mutual labels:  hash, bcrypt
ios-application
A native, lightweight and secure one-time-password (OTP) client built for iOS; Raivo OTP!
Stars: ✭ 581 (+2320.83%)
Mutual labels:  password, secure
phpass-starter
A starter project for Phpass.
Stars: ✭ 24 (+0%)
Mutual labels:  password, hash
Applocker
AppLocker - simple lock screen for iOS Application ( Swift 4+, iOS 9.0+) Touch ID / Face ID
Stars: ✭ 188 (+683.33%)
Mutual labels:  password, secure

bookshelf-secure-password

A Bookshelf.js plugin for securely handling passwords.

Features

  • Securely store passwords in the database using BCrypt with ease.
  • Minimal setup required: just install the module, and make a password_digest column in the database!
  • Follows the latest security guidelines, using a BCrypt cost of 12
  • Inspired by and similar to has_secure_password in Ruby on Rails.

Installation

yarn add bookshelf-secure-password

or

npm install bookshelf-secure-password --save

Usage

  1. Enable the plugin in your Bookshelf setup
const bookshelf = require('bookshelf')(knex)
const securePassword = require('bookshelf-secure-password')

bookshelf.plugin(securePassword)
  2. Add hasSecurePassword to the model(s) which require a secure password
const User = bookshelf.Model.extend({
  tableName: 'users',
  hasSecurePassword: true
})

By default, this will use the database column named password_digest. To use a different column, simply change true to be the column name. For example:

const User = bookshelf.Model.extend({
  tableName: 'users',
  hasSecurePassword: 'custom_password_digest_field'
})
  3. Now, when you set a password and save the record, it will be hashed as password_digest:
const user = new User({ password: 'testing' })
user.get('password') // => undefined
user.get('password_digest') // => undefined

user.save().then(function () {
  user.get('password') // => undefined
  user.get('password_digest') // => '$2a$12$SzUDit15feMdVCtfSzopc.0LuqeHlJInqq/1Ol8uxCC5QydHpVWFy'
})
  4. To authenticate against the password, simply call the instance method authenticate, which returns a Promise resolving to the authenticated Model.
user.authenticate('some-password').then(function (user) {
  // do something with the authenticated user
}, function (err) {
  // invalid password.
  // `err` will be of type `PasswordMismatchError`, which extends the `Error` class
})
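
The digest stored in step 3 encodes its own BCrypt version, cost and salt, so existing rows can be audited against the cost of 12 named under Features. This is an added example, not code from the plugin; `parseDigest`, `auditDigests` and the sample rows are hypothetical names and constructed data.

```javascript
// Added example (not from the plugin): parse bcrypt digests and audit their cost.
// Layout: $<version>$<2-digit cost>$<22-char salt><31-char hash>
const BCRYPT_DIGEST = /^\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/
const MIN_COST = 12 // the cost the README states the plugin uses

function parseDigest (digest) {
  if (typeof digest !== 'string') return null
  const m = BCRYPT_DIGEST.exec(digest)
  if (!m) return null
  const cost = parseInt(m[2], 10)
  if (cost < 4 || cost > 31) return null // outside bcrypt's valid cost range
  return { version: m[1], cost: cost, salt: m[3], hash: m[4] }
}

// rows: [{ id, password_digest }] as read from the users table
function auditDigests (rows, minCost) {
  const floor = minCost === undefined ? MIN_COST : minCost
  const findings = []
  rows.forEach(function (row) {
    const digest = row.password_digest
    if (digest === null || digest === undefined) {
      findings.push({ id: row.id, issue: 'no-digest' }) // cleared or never set
      return
    }
    const parsed = parseDigest(digest)
    if (!parsed) {
      findings.push({ id: row.id, issue: 'not-bcrypt' }) // plaintext or another scheme
    } else if (parsed.cost < floor) {
      findings.push({ id: row.id, issue: 'low-cost', cost: parsed.cost })
    }
  })
  return findings
}

// Constructed sample rows. Row 1 is the digest shown in step 3; row 2 is the
// same string with the cost field edited to 10, for illustration only.
const SAMPLE_ROWS = [
  { id: 1, password_digest: '$2a$12$SzUDit15feMdVCtfSzopc.0LuqeHlJInqq/1Ol8uxCC5QydHpVWFy' },
  { id: 2, password_digest: '$2a$10$SzUDit15feMdVCtfSzopc.0LuqeHlJInqq/1Ol8uxCC5QydHpVWFy' },
  { id: 3, password_digest: 'testing' },
  { id: 4, password_digest: null }
]

console.log(auditDigests(SAMPLE_ROWS))
```

Rows flagged `low-cost` can be rehashed the next time the user signs in successfully, since that is the only moment the plaintext password is available.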

Example

const User = require('./models/User')

/**
 * Sign up a new user.
 *
 * @returns {Promise.<User>} A promise resolving to the newly registered User, or rejected with an error.
 */
function signUp (email, password) {
  let user = new User({ email: email, password: password })

  return user.save()
}

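/**
 * Sign in with a given email, password combination
 *
 * @returns {Promise.<User>} A promise resolving to the authenticated User, or rejected with a
 *   `PasswordMismatchError` (wrong password) or `User.NotFoundError` (no user with that email).
 */
function signIn (email, password) {
  return User.forge({ email: email })
    // require: true rejects with User.NotFoundError when no row matches,
    // instead of resolving to null and throwing on user.authenticate below.
    // Report both rejections to the client identically so responses do not
    // reveal which emails are registered.
    .fetch({ require: true })
    .then(function (user) {
      return user.authenticate(password)
    })
}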

Notes

  • BCrypt requires that passwords are 72 characters maximum (it ignores characters after 72).
  • This library enables the bookshelf-virtuals-plugin plugin on Bookshelf for the virtual password field.
  • Passing a null value to the password will clear the password_digest.
  • Passing undefined or a zero-length string to the password will leave the password_digest as-is
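
An input guard for the cases listed in these notes, as an added example that is not part of the plugin. `checkPasswordInput` and `sameAfterTruncation` are hypothetical names, and counting the 72 limit in UTF-8 bytes rather than characters is an assumption about the underlying BCrypt library.

```javascript
// Added example (not from the plugin): classify a submitted password before
// it is assigned to the model's virtual `password` field.
const BCRYPT_MAX_BYTES = 72 // assumption: the limit is measured in UTF-8 bytes

function checkPasswordInput (value) {
  // null would clear password_digest, leaving the account without a password
  if (value === null) return { ok: false, reason: 'null-clears-digest' }
  // undefined or '' leaves password_digest as-is, so a "change" silently does nothing
  if (value === undefined || value === '') {
    return { ok: false, reason: 'empty-leaves-digest-unchanged' }
  }
  // e.g. a number or object from an unvalidated JSON request body
  if (typeof value !== 'string') return { ok: false, reason: 'not-a-string' }
  const bytes = Buffer.byteLength(value, 'utf8')
  // anything past the limit is ignored, so reject instead of truncating silently
  if (bytes > BCRYPT_MAX_BYTES) {
    return { ok: false, reason: 'exceeds-72-bytes', bytes: bytes }
  }
  return { ok: true, bytes: bytes }
}

// True when two passwords agree on their first 72 bytes, i.e. when the
// ignored tail is the only difference between them.
function sameAfterTruncation (a, b) {
  const left = Buffer.from(a, 'utf8').subarray(0, BCRYPT_MAX_BYTES)
  const right = Buffer.from(b, 'utf8').subarray(0, BCRYPT_MAX_BYTES)
  return left.equals(right)
}

// Constructed inputs: 40 accented characters are already 80 bytes in UTF-8.
const accented = '\u00e9'.repeat(40)
console.log(checkPasswordInput('testing'))
console.log(checkPasswordInput(accented))
console.log(sameAfterTruncation('a'.repeat(72) + 'X', 'a'.repeat(72) + 'Y'))
```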

Testing

To run the tests locally, simply run yarn test or npm test
