Merge pull request #1132 from strongloop/feature/fix-user-perf

Skip hashing password if it's already hashed
This commit is contained in:
Raymond Feng 2015-02-24 17:27:06 -08:00
commit 51d6548d98
2 changed files with 14 additions and 1 deletions

View File

@ -501,7 +501,13 @@ module.exports = function(User) {
this.settings.ttl = this.settings.ttl || DEFAULT_TTL;
UserModel.setter.password = function(plain) {
if (plain.indexOf('$2a$') === 0 && plain.length === 60) {
// The password is already hashed. It can be the case
// when the instance is loaded from DB
this.$password = plain;
} else {
this.$password = this.constructor.hashPassword(plain);
}
};
// Make sure emailVerified is not set by creation

View File

@ -137,6 +137,13 @@ describe('User', function() {
assert(u.password !== 'bar');
});
it('does not hash the password if it\'s already hashed', function() {
var u1 = new User({username: 'foo', password: 'bar'});
assert(u1.password !== 'bar');
var u2 = new User({username: 'foo', password: u1.password});
assert(u2.password === u1.password);
});
describe('custom password hash', function() {
var defaultHashPassword;
var defaultValidatePassword;