mrded
Reputation: 5270
Hashing passwords in Node.js the same way as in Drupal 7
I'm trying to migrate users from Drupal 7 to another project on node.js.
And I need to keep existing passwords for all of them. That means I need to hash passwords the same way is Drupal does.
Drupal use SHA512 by default with a salt. They run the hash through PHP's hash function numerous times to increase the computation cost of generating a password's final hash (a security technique called stretching).
The problem is, user_hash_password() which does hashing, seems to be quite custom. I don't really want to revers engineer it and reinvent the wheel.
The question is, are there any libraries on node.js that can do that?
Upvotes: 1
Views: 352
Answers (1)
mrded
Reputation: 5270
It can be done with drupal-hash module.
Check existing password
var drupalHash = require('drupal-hash');
var clearPassword = 'superpassword';
var passwordHash = '$S$DODRFsy.GX2iSkl2zJ4fsrGRt2S0FOWu0JSA3BqAmSayESbcY3w9';
var isValid = drupalHash.checkPassword(clearPassword, passwordHash);
// returns true or false
Hash new password
var drupalHash = require('drupal-hash');
var newPassword = 'superpassword';
var passwordHash = drupalHash.hashPassword(newPassword);
// returns something like '$S$DODRFsy.GX2iSkl2zJ4fsrGRt2S0FOWu0JSA3BqAmSayESbcY3w9'
Check if an old password needs updated
var drupalHash = require('drupal-hash');
var passwordHash = '$P$DxTIL/YfZCdJtFYNh1Ef9ERbMBkuQ91';
var needsHash = drupalHash.needsNewHash(passwordHash);
// return true or false
Upvotes: 2
Related Questions
- Node.js hashing of passwords
- Password hashing in nodejs using built-in `crypto`
- Password Hashing in Node.js
- Generating and Verifying password hashes in Node.js same as Python's werkzeug
- How to generate an MD5 password string hash in JavaScript or Node.js?
- password_hash equivalent in nodejs
- SHA256-CRYPT / SHA512-CRYPT in node.js
- Hashing a password using SHA256 and .NET/Node.js
- Hash, salt and save password in Node/Express
- NodeJS - SHA256 Password Encryption