Checking password against non sha bcrypts in meteor

Question

I'm migrating an app from parse to meteor. In parse, users' password are stocked as bcrypt(password) whereas meteor does bcrypt(sha256(password)). How can I plug the old bcrypt list to meteor so that the old users can login seamlessly?

Answer 1

I recommend taking a look at the following on how accounts-password defines a password login method, then define you own. Method signature for registerLoginHandler.

---

In the server (recommend this is done during server startup):

import bcrypt from 'bcrypt';

import { Accounts } from 'meteor/accounts-base';
import { Meteor } from 'meteor/meteor';

Accounts.registerLoginHandler('parsePassword', function (options) {
  // Validate options
  /* TODO Fill in yourself */

  // Find the user to login
  /* TODO Fill in yourself */

  const result = {
    userId: user._id,
  };

  // Prepare the bcrypt method
  const bcryptCompare = Meteor.wrapAsync(bcrypt.compare);

  if (! bcryptCompare(options.password, hashedPassword)) {
    result.error = new Meteor.Error(403, 'Incorrect password');
  }

  return result;
});

Then you would use this login method, like so on the client:

import { Meteor } from 'meteor/meteor';

Meteor.loginWithParsePassword({ user: /* TODO Define the query for finding your user */, password: passwordInput }, function () { console.log(arguments); });

Make sure to have the bcrypt module listed in your package.json

---

I left part of the example blank simply because I don't know how the asker has imported their users from Parse and what the db structure of that imported data is like. So I'll leave that part of the code as an exercise for the asker to do.