From 035dd2c15033acec450e707b65be39159b1ed2ac Mon Sep 17 00:00:00 2001
From: William Ngo
Date: Fri, 13 Sep 2013 15:48:58 -0700
Subject: [PATCH] Replaced SHA1 password hashing with more bcrypt
---
 app/models/user.js | 18 +++---------------
 package.json | 3 ++-
 2 files changed, 5 insertions(+), 16 deletions(-)
diff --git a/app/models/user.js b/app/models/user.js
index daf9b2ad89..118308c049 100755
--- a/app/models/user.js
+++ b/app/models/user.js
@@ -3,7 +3,7 @@
 */
 var mongoose = require('mongoose'),
 Schema = mongoose.Schema,
- crypto = require('crypto'),
+ bcrypt = require('bcrypt'),
 _ = require('underscore'),
 authTypes = ['github', 'twitter', 'facebook', 'google'];
@@ -17,7 +17,6 @@ var UserSchema = new Schema({
 username: String,
 provider: String,
 hashed_password: String,
- salt: String,
 facebook: {},
 twitter: {},
 github: {},
@@ -29,7 +28,6 @@ var UserSchema = new Schema({
 */
 UserSchema.virtual('password').set(function(password) {
 this._password = password;
- this.salt = this.makeSalt();
 this.hashed_password = this.encryptPassword(password);
 }).get(function() {
 return this._password;
@@ -92,17 +90,7 @@ UserSchema.methods = {
 * @api public
 */
 authenticate: function(plainText) {
- return this.encryptPassword(plainText) === this.hashed_password;
- },
-
- /**
- * Make salt
- *
- * @return {String}
- * @api public
- */
- makeSalt: function() {
- return Math.round((new Date().valueOf() * Math.random())) + '';
+ return bcrypt.compareSync(plainText,this.hashed_password);
 },
 /**
@@ -114,7 +102,7 @@ UserSchema.methods = {
 */
 encryptPassword: function(password) {
 if (!password) return '';
- return crypto.createHmac('sha1', this.salt).update(password).digest('hex');
+ return bcrypt.hashSync(password, 10);
 }
 };
diff --git a/package.json b/package.json
index 5c61090903..747e63bb2c 100755
--- a/package.json
+++ b/package.json
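Review bot: In the `authenticate` hunk, `bcrypt.compareSync(plainText,this.hashed_password)` runs without checking that either argument is present. Accounts that came in through one of the `authTypes` providers presumably have no `hashed_password`, and `encryptPassword` stores `''` for an empty password; as far as I know node's bcrypt throws on a missing argument instead of returning false, so a guard such as `if (!plainText || !this.hashed_password) return false;` ahead of the compare keeps that case a plain rejection. Records whose `hashed_password` still holds the old HMAC-SHA1 hex digest will stop authenticating once this lands, and the `salt` field needed to verify them is dropped from the schema in the same commit, so a forced-reset or rehash-on-login plan should be settled before deploying. The synchronous compare also occupies the event loop on every login attempt; moving to the callback form of `bcrypt.compare` would change the method's return contract, so it is better handled as a follow-up.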
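Review bot: The cost in `bcrypt.hashSync(password, 10)` is a bare literal inside `encryptPassword`; a named module-level value, e.g. `var BCRYPT_ROUNDS = 10;` with a comment that it is the bcrypt work factor and is expected to be raised over time, makes it visible in review and tunable in one place. The method is still called "encrypt", while the stored value is now a one-way salted hash; the doc comment (which begins above the hunk) should say so and note that bcrypt only considers the first 72 bytes of the input. `hashSync` is reached from the `password` virtual setter, so each assignment blocks the event loop for the length of the hash. The `UserSchema.methods` object literal starts outside this hunk.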
@@ -36,7 +36,8 @@
 "forever": "latest",
 "grunt": "latest",
 "grunt-cli": "latest",
- "grunt-bower-task": "latest"
+ "grunt-bower-task": "latest",
+ "bcrypt": "latest"
 },
 "devDependencies": {
 "supertest": "latest",
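Review bot: `"bcrypt": "latest"` leaves the module that now creates and verifies every password hash unpinned, so each fresh install may pull a different release of a native addon without anyone reviewing it. The neighbouring entries use `latest` too, but for this dependency a fixed version or bounded range, written as `"bcrypt": "<reviewed-version>"` (placeholder), makes upgrades a deliberate step. Committing a shrinkwrap/lock file alongside it would make the resolved version reproducible across environments.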