Last active
May 18, 2018 20:17
-
-
Save claustres/d0f6a692e8c8f95757c98dc6fd3d29fb to your computer and use it in GitHub Desktop.
Password policy with FeathersJS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import makeDebug from 'debug' | |
| import { getItems } from 'feathers-hooks-common' | |
| import { BadRequest } from 'feathers-errors' | |
| const debug = makeDebug('debug') | |
| export function enforcePasswordPolicy (options = {}) { | |
| return async function (hook) { | |
| if (hook.type !== 'before') { | |
| throw new Error(`The 'enforePasswordPolicy' hook should only be used as a 'before' hook.`) | |
| } | |
| let app = hook.app | |
| let user = getItems(hook) | |
| let password = item.password | |
| if (password && app.getPasswordPolicy) { | |
| debug('Enforcing password policy on user', user) | |
| const validator = app.getPasswordPolicy() | |
| // First check the clear password | |
| let result = validator.validate(password, { list: true }) | |
| if (result.length > 0) { | |
| throw new BadRequest('The provided password does not comply to the password policy', { failedRules: result }) | |
| } | |
| } | |
| return hook | |
| } | |
| } | |
| // When configuring the user service | |
| service.hooks({ | |
| before: { | |
| create: [ enforcePasswordPolicy(), hashPassword() ] | |
| } | |
| }) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment