Merge pull request #921 from mleanos/dbseed-user-passwords

[hotfix] Fixes db seed password bug
Liran Tal
2015-09-25 08:37:40 +03:00
4 changed files with 97 additions and 33 deletions


@@ -7,6 +7,7 @@ var mongoose = require('mongoose'),
Schema = mongoose.Schema,
crypto = require('crypto'),
validator = require('validator'),
generatePassword = require('generate-password'),
owasp = require('owasp-password-strength-test');
/**
@@ -166,4 +167,40 @@ UserSchema.statics.findUniqueUsername = function (username, suffix, callback) {
});
};
/**
* Generates a random passphrase that passes the owasp test.
* Returns a promise that resolves with the generated passphrase, or rejects with an error if something goes wrong.
* NOTE: Passphrases are only tested against the required owasp strength tests, and not the optional tests.
*/
UserSchema.statics.generateRandomPassphrase = function () {
return new Promise(function (resolve, reject) {
var password = '';
var repeatingCharacters = new RegExp('(.)\\1{2,}', 'g');
// iterate until the we have a valid passphrase.
// NOTE: Should rarely iterate more than once, but we need this to ensure no repeating characters are present.
while (password.length < 20 || repeatingCharacters.test(password)) {
// build the random password
password = generatePassword.generate({
length: Math.floor(Math.random() * (20)) + 20, // randomize length between 20 and 40 characters
numbers: true,
symbols: false,
uppercase: true,
excludeSimilarCharacters: true,
});
// check if we need to remove any repeating characters.
password = password.replace(repeatingCharacters, '');
}
// Send the rejection back if the passphrase fails to pass the strength test
if (owasp.test(password).errors.length) {
reject(new Error('An unexpected problem occured while generating the random passphrase'));
} else {
// resolve with the validated passphrase
resolve(password);
}
});
};
mongoose.model('User', UserSchema);
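Review bot: The passphrase length in `length: Math.floor(Math.random() * (20)) + 20` is drawn from `Math.random()`, which is not a cryptographic source, and the hunk does not show what `generatePassword.generate` itself draws from, so the strength of these seeded credentials rests on an unverified RNG. `crypto` is already required at the top of this file, so the length could be `length: 20 + (crypto.randomBytes(1)[0] % 20), // 20 to 39 characters`, and it is worth confirming that the pinned generate-password version uses a CSPRNG. The existing comment says 20 to 40, but the expression yields 20 through 39. Separately, `repeatingCharacters` carries the `g` flag and is used with `.test()` in the loop condition; this appears to work only because the `.replace()` call resets `lastIndex`, so a separate non-global regex for the test would be less fragile.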