For security reasons, a password is always stored in the database in (hashed + salt) form. When users sign up on a website, they supply the password in raw form, but storing raw passwords directly in the database is not good practice. Server-side logic first converts the raw password to (hashed + salt) form and then stores it. This raises a new challenge: how to compare the raw password given by the user at sign-in time with the stored value, and grant or deny access depending on whether the password is correct.
Password stored in the database in the following form:
Steps to set up the logic to sign in with a raw password:
- Search the database using the unique username or email given by the user at sign-in.
- Find the unique record; if none is found, return ‘User not exist’.
- Split the stored password at ‘.’ to obtain the hashed password and the salt individually.
- Hash the raw password given by the user at sign-in with the Node.js ‘scrypt’ method, using that salt.
- Compare the resulting hash with the hash obtained from splitting the database password.
- If both hashes are equal, sign the user in and grant access.
- If the hashes are not equal, deny access with the message Invalid password.
Note: To illustrate the logic, here we use a local or custom database. The same logic can also be implemented with a regular database such as MongoDB, MySQL, etc.
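The steps above as an added, self-contained sketch (not the article's original code). The in-memory `users` map, the helper names, the 64-byte key length, the 8-byte salt, hex encoding and the ‘Signed in’ message are assumptions, and `scryptSync` stands in for the asynchronous `scrypt` so the block runs without a server. The comparison uses `crypto.timingSafeEqual` instead of `===` so it does not leak how many leading characters matched.

```javascript
const crypto = require('crypto');

const KEY_LEN = 64; // assumption: derived key length in bytes

// Sign-up side: build the stored value "<hex hash>.<hex salt>".
function hashPassword(rawPassword) {
  const salt = crypto.randomBytes(8).toString('hex'); // assumption: 8-byte salt
  const hashed = crypto.scryptSync(rawPassword, salt, KEY_LEN).toString('hex');
  return `${hashed}.${salt}`;
}

// Sign-in side: split at '.', re-hash the supplied password with the
// stored salt, and compare the two hashes in constant time.
function comparePasswords(stored, supplied) {
  const [hashed, salt] = String(stored).split('.');
  if (!hashed || !salt) return false; // malformed record
  const storedBuf = Buffer.from(hashed, 'hex');
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (storedBuf.length !== KEY_LEN) return false;
  const suppliedBuf = crypto.scryptSync(supplied, salt, KEY_LEN);
  return crypto.timingSafeEqual(storedBuf, suppliedBuf);
}

// Constructed in-memory stand-in for the local/custom database.
const users = new Map();

function signUp(email, password) {
  users.set(email, { email, password: hashPassword(password) });
}

function signIn(email, password) {
  const user = users.get(email); // look up by unique email
  if (!user) return 'User not exist';
  return comparePasswords(user.password, password)
    ? 'Signed in'
    : 'Invalid password';
}

// Constructed sample run.
signUp('alice@example.com', 'correct horse battery');
console.log(signIn('alice@example.com', 'correct horse battery'));
console.log(signIn('alice@example.com', 'wrong password'));
console.log(signIn('bob@example.com', 'anything'));
```

In a deployed application, returning one identical message for both failure cases avoids revealing which emails are registered.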
Example: This example illustrates how to sign in with a raw password when the password stored in the database is in (hashed + salt) form.
Filename: repository.js This file contains all the logic for creating a local database and interacting with it.
Run index.js file using the following command:
Here we submit three forms individually with different combinations of username and password and get the output as shown in the image respectively.