current community

your communities

more stack exchange communities

Stack Exchange
tour help
Take the 2-minute tour ×
Code Review Stack Exchange is a question and answer site for peer programmer code reviews. It's 100% free, no registration required.
up vote 0 down vote favorite

Please help in deciding if this method for a Mongoose model component for user authentication can be made more secure and optimized, for efficiency and platform independence.

var mongo  = require('mongoose');
var bcrypt = require('bcrypt');

var UserSchema = mongo.Schema({
    email:      {type: String, lowercase: true, required: true, sparse: true, unique:true},
    firstname:  {type: String, required: true},
    lastname:   {type: String, required: true},
    password:   {type: String, required: true},
    type:       {type: String, required: true}
});

UserSchema.methods.generateHash = function(password) {
    return bcrypt.hashSync(password, bcrypt.genSaltSync(10));
};

UserSchema.methods.validPassword = function(password) { 
    return bcrypt.compareSync(password, this.password);
};

UserSchema.methods.getData = function(){
    return {
      id:         this._id,
      email:      this.email,
      firstname:  this.firstname,
      lastname:   this.lastname,
      type:       this.type
    };
};

module.exports = mongo.model('User', UserSchema);

I found a known issue in bcrypt with some Window environments. Even if I don't care to do work on Windows it helps when my team members do choose to. It avoids wasting a day on resolving environment issue.

My model uses some of the best practices when creating a secured user object, I believe.

share|improve this question
1  
Hm, on my windows machine bcrypt runs like a charm. The problem can be with building the source code in c++, but you can run into the problem not only with bcrypt but with other packages that need compiling –  Vsevolod Goloviznin Dec 30 '14 at 11:23
    
@VsevolodGoloviznin Please don't let this issue distract you from the point of the question. Bycrypt has an issue ENOENT problem, so it is a permissions or directory issue quiet often(known issue). The point is to not have this issue so a day isn't wasted on preparing a environment and not to solve existing issues. But thank you. –  Brandon Clark Dec 30 '14 at 19:03

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Browse other questions tagged or ask your own question.