bcryptjs-user

Abstract library to create, update and authenticate users using bcrypt.

Use this module to implement a user account module that uses bcrypt passwords with
your own storage engine. See mongo-bcryptjs-user and array-bcrypt-user for two
real world implementations.

Example

$3

Note, this example is based on array-bcrypt-user and uses the match npm.

var util = require('util');

var BcryptUser = require('bcryptjs-user');
var async = require('async');
var match = require('match-object');

// store and verify user accounts in an array named db using bcrypt passwords
function User(db, username, opts) {
if (!Array.isArray(db)) { throw new TypeError('db must be an array'); }
if (typeof username !== 'string') { throw new TypeError('username must be a string'); }

// setup a user database resolver, this is a custom storage engine
var resolver = {
find: function(lookup, cb) {
var found = null;
async.some(db, function(user, cb2) {
if (match(lookup, user)) {
found = user;
cb2(true);
return;
}
cb2(false);
}, function() { cb(null, found); });
},
insert: function(user, cb) {
db.push(user);
process.nextTick(cb);
},
updateHash: function(lookup, hash, cb) {
async.some(db, function(user, cb2) {
if (match(lookup, user)) {
user.password = hash;
cb2(true);
return;
}
cb2(false);
}, function(result) {
if (!result) {
cb(new Error('failed to update password'));
return;
}

cb(null);
});
}
};

BcryptUser.call(this, resolver, username, opts || {});
}

util.inherits(User, BcryptUser);
module.exports = User;

// create a new user with a certain password and save it to the database
User.register = function register(db, username, password, realm, cb) {
if (!Array.isArray(db)) { throw new TypeError('db must be an array'); }
if (typeof realm === 'function') {
cb = realm;
realm = '_default';
}

try {
var user = new User(db, username, { realm: realm });
user.register(password, function(err) {
if (err) { cb(err); return; }

cb(null, user);
});
} catch(err) {
process.nextTick(function() {
cb(err);
});
return;
}
};

// find and return a user from the database
User.find = function find(db, username, realm, cb) {
if (!Array.isArray(db)) { throw new TypeError('db must be an array'); }
if (typeof realm === 'function') {
cb = realm;
realm = '_default';
}

try {
var user = new User(db, username, { realm: realm });
user.find(function(err) {
if (err) { cb(err); return; }

cb(null, user);
});
} catch(err) {
process.nextTick(function() {
cb(err);
});
return;
}
};

Use the above, create a new user named "foo" with the password "secr3t".

var assert = require('assert');
var User = // previously created module

var db = [];

User.register(db, 'foo', 'secr3t', function(err, user) {
if (err) { throw err; }
assert.equal(db.length, 1);
});

Check if the password "secr3t" is correct for user "foo".

// same setup as previous example

User.find(db, 'foo', 'bar', function(err, user) {
if (err) { throw err; }
user.verifyPassword('secr3t', function(err, correct) {
if (err) { throw err; }
assert(correct, true);
});
});

Installation

$ npm install bcryptjs-user

API

$3

* db {Object} resolver that implements find, updateHash and insert methods
* username {String} the name of the user to bind this instance to
* [opts] {Object} object containing optional parameters

opts:
* realm {String, default "_default"} optional realm the user belongs to
* debug {Boolean, default false} whether to do extra console logging or not
* hide {Boolean, default false} whether to suppress errors or not (for testing)

Create a new User object. Either for maintenance, verification or registration.
A user may be bound to a realm.

Three functions db must support:

find should accept: lookup, callback
lookup {Object}:
realm {String}
username {String}
callback {Function} should call back with:
err {Object} error object or null
user {Object} user object

updateHash should accept: lookup, hash, callback
lookup {Object}:
realm {String}
username {String}
hash {String} bcrypt hash
callback {Function} should call back with:
err {Object} error object or null

insert should accept: user, callback
user {Object}:
realm {String}
username {String}
callback {Function} should call back with:
err {Object} error object or null

$3

* cb {Function} first parameter will be an error or null, second parameter
will be true when user is found, otherwise false.

Return a user from the database. This method should be implemented.

Note, the following keys are illegal and should not exist in the user db object:
* _protectedDbKeys
* _illegalDbKeys
* _db
* _debug
* _hide

$3

* password {String} the password to verify
* cb {Function} first parameter will be an error or null, second parameter
contains a boolean about whether the password is valid or not.

Verify if the given password is valid.

$3

* password {String} the password to use
* cb {Function} first parameter will be either an error object or null on success.

Update the password.

Note: the user has to exist in the database.

$3

* password {String} the password to use, at least 6 characters
* cb {Function} first parameter will be either an error object or null on success.

Register a new user with a certain password. This method should be implemented.

Tests

$ npm test

License

ISC

Copyright (c) 2017 John Alfaro
Copyright (c) 2014, 2015 Tim Kuijsten

Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.