@timstermatic
Created May 20, 2013 17:29
Example of using bcrypt with mongoose middleware to enforce password hashing with bcrypt on save.
var mongoose = require('mongoose'),
    Schema = mongoose.Schema
var bcrypt = require('bcrypt')

var UserSchema = new Schema( {
    email: String,
    password: String
} )

// pre
UserSchema.pre('save', function(next) {
    if(this.password) {
        var salt = bcrypt.genSaltSync(10)
        this.password = bcrypt.hashSync(this.password, salt)
    }
    next()
})

mongoose.model('User', UserSchema);

exlane commented Jan 22, 2020

Hello timstermatic,

are we not supposed to handle hashing password in async/await mode?

@timstermatic (Author)

> Hello timstermatic,
>
> are we not supposed to handle hashing password in async/await mode?

This code is 7 years old. I'm not sure await was a thing.


exlane commented Jan 22, 2020

ohhh, that's my ignorance. I didn't notice that. I am just learning nodejs

thank you for a prompt response


sachith-1 commented Jul 5, 2021

@exlane, here is the code with async/await

UserSchema.pre('save', async function(next) {
    if(this.password) {
        // Use bcrypt's promise-returning functions so that await actually yields
        var salt = await bcrypt.genSalt(10)
        this.password = await bcrypt.hash(this.password, salt)
    }
    next()
})

@myoussef3030

All this code is incorrect... you must test if the password was modified before hashing it, or you will double hash it...

userSchema.pre('save', async function(next){
    if(this.isModified('password')) this.password = await bcrypt.hash(this.password, 12)
    next()
})

@robyoung75

myoussef3030, thanks for the great snippet, works perfectly.

@Mohan1203

userSchema.pre('save', async function (next) {
    const user = this;
    if (user.isModified('password')) {
        user.password = await bcrypt.hash(user.password, 8)
    }
    next()
})

For readability, we can also use a variable like this.


Smartfab commented Jul 19, 2024

For anybody who might need this for readability and clarity, better to use "isModified" so that when the password is updated, we don't have to re-hash again multiple times.

userSchema.pre("save", async function(next){
    if(this.isModified("password")){
        this.password = await bcrypt.hash(this.password, 8)
    }
    next();
});
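
Added example (not code from the gist or from any commenter): a dependency-free model of the double-hash problem discussed in this thread, comparing the original hook with the `isModified` version when a user is saved a second time after an unrelated change. Assumptions: `FakeDoc` is a hypothetical stand-in for a mongoose document, Node's built-in scrypt stands in for bcrypt, the hooks are synchronous for brevity, and the email and password values are constructed samples.

```javascript
const crypto = require("crypto");
// Stand-in for bcrypt.hashSync: salted scrypt, stored as "saltHex:keyHex".
function hashPassword(plain) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(plain, salt, 32);
  return salt.toString("hex") + ":" + key.toString("hex");
}

// Stand-in for bcrypt.compareSync: re-derive with the stored salt, constant-time compare.
function verifyPassword(plain, stored) {
  const [saltHex, keyHex] = stored.split(":");
  const key = crypto.scryptSync(plain, Buffer.from(saltHex, "hex"), 32);
  return crypto.timingSafeEqual(key, Buffer.from(keyHex, "hex"));
}

// Hypothetical minimal document that tracks changed fields like mongoose's isModified().
class FakeDoc {
  constructor(fields, preSave) {
    this.fields = { ...fields };
    this.dirty = new Set(Object.keys(fields)); // every field is "modified" on a new doc
    this.preSave = preSave;
  }
  set(name, value) { this.fields[name] = value; this.dirty.add(name); }
  isModified(name) { return this.dirty.has(name); }
  save() { this.preSave(this); this.dirty.clear(); }
}

// Logic of the original gist: hash whenever a password value is present.
const unguarded = (doc) => {
  if (doc.fields.password) doc.fields.password = hashPassword(doc.fields.password);
};
// Logic from the later comments: hash only when the password field changed.
const guarded = (doc) => {
  if (doc.isModified("password")) doc.fields.password = hashPassword(doc.fields.password);
};

// Create a user, save again after an email-only change, and check login both times.
function loginSurvivesResave(preSave) {
  const user = new FakeDoc({ email: "a@example.test", password: "constructed-sample-pw" }, preSave);
  user.save();
  const okAfterCreate = verifyPassword("constructed-sample-pw", user.fields.password);
  user.set("email", "b@example.test");
  user.save(); // the unguarded hook now hashes the stored hash string
  const okAfterResave = verifyPassword("constructed-sample-pw", user.fields.password);
  return { okAfterCreate, okAfterResave };
}

console.log("unguarded:", loginSurvivesResave(unguarded));
console.log("guarded:  ", loginSurvivesResave(guarded));
```

With the unguarded hook the second save replaces the stored hash with a hash of that hash, so the user's real password no longer verifies.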
