My project is using dbAuth for account management, I want to update the password change function, how do I do that?
I setup authentication from tutorial: Authentication | RedwoodJS Docs
When you say “update the password change function” what do you mean? A way to let users change their password in their settings? Or change the way that the existing forgot/reset password logic works?
If you wanted to use the same code that Redwood does internally to create a salt/hashedPassword, you can use this codeblock:
const CryptoJS = require('crypto-js')
const salt = CryptoJS.lib.WordArray.random(128 / 8).toString()
const hashedPassword = CryptoJS.PBKDF2('password', salt, { keySize: 256 / 32 }).toString()
Where the string 'password'
is the actual user’s password.
You can then store the hashedPassword
and salt
for the user. You should do this on the server side (in a service) so that the hashedPassword
and salt
are never available to the client.
You mean that block of code up there? Yep! If you want to do it yourself, like in a Settings page, that works.
I also see if we want to be more idiomatic we can also just import hashPassword
directly from the source, making a full solution that promises to stay consistent with the dbAuth handler as follows:
import { hashPassword } from '@redwoodjs/auth-dbauth-api'
...
export const updateUserPassword: MutationResolvers['updateUserPassword'] =
async ({ id, input }) => {
requireChangeUserInfoAuth(id)
const { newPassword } = input
const [hashedPassword, salt] = hashPassword(newPassword)
return db.user.update({
data: {
hashedPassword,
salt,
},
where: { id },
})
}
Oh yeah! I forgot we started exporting that directly! Yeah that’s even better.
yeah! thanks as always for the help!