My project is using dbAuth for account management, I want to update the password change function, how do I do that?
I setup authentication from tutorial: Authentication | RedwoodJS Docs
When you say “update the password change function” what do you mean? A way to let users change their password in their settings? Or change the way that the existing forgot/reset password logic works?
If you wanted to use the same code that Redwood does internally to create a salt/hashedPassword, you can use this codeblock:
const CryptoJS = require('crypto-js')
const salt = CryptoJS.lib.WordArray.random(128 / 8).toString()
const hashedPassword = CryptoJS.PBKDF2('password', salt, { keySize: 256 / 32 }).toString()
Where the string 'password'
is the actual user’s password.
You can then store the hashedPassword
and salt
for the user. You should do this on the server side (in a service) so that the hashedPassword
and salt
are never available to the client.