Skip to content

Commit

Permalink
WIP
Browse files Browse the repository at this point in the history
  • Loading branch information
timleslie committed Mar 15, 2020
1 parent 173fbd5 commit e37290f
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 9 deletions.
2 changes: 1 addition & 1 deletion docs/tutorials/add-lists.md
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,7 @@ keystone.createList('User', UsersSchema);

<!-- FIXME:TL We haven't shown then how to get an Admin UI yes!!!! -->

Relaunch your app and check if new the list appeared in the Admin UI.
Relaunch your app and check if new the list appeared in the Admin UI.
But how can we assign a task to specific user? Let's proceed with [Defining Relationships](/docs/tutorials/relationships.md)

See also:
Expand Down
4 changes: 2 additions & 2 deletions packages/fields/src/types/Password/Implementation.js
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,10 @@ import dumbPasswords from 'dumb-passwords';
const bcryptHashRegex = /^\$2[aby]?\$\d{1,2}\$[.\/A-Za-z0-9]{53}$/;

export class Password extends Implementation {
constructor(path, { rejectCommon, minLength, workFactor, useCompliedBcrypt }) {
constructor(path, { rejectCommon, minLength, workFactor, useCompiledBcrypt }) {
super(...arguments);

this.bcrypt = require(useCompliedBcrypt ? 'bcrypt' : 'bcryptjs');
this.bcrypt = require(useCompiledBcrypt ? 'bcrypt' : 'bcryptjs');

// Sanitise field specific config
this.rejectCommon = !!rejectCommon;
Expand Down
24 changes: 18 additions & 6 deletions packages/fields/src/types/Password/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,12 +31,13 @@ keystone.createList('User', {

### Config

| Option | Type | Default | Description |
| -------------- | --------- | ------- | --------------------------------------------------------------------- |
| `minLength` | `Integer` | `8` | The minimum number of characters this field will accept |
| `rejectCommon` | `Boolean` | `false` | Checks the password against a list of commonly used passwords |
| `workFactor` | `Integer` | `10` | Controls the processing time required to generate and validate hashes |
| `isRequired` | `Boolean` | `false` | Does this field require a value? |
| Option | Type | Default | Description |
| ------------------- | --------- | ------- | --------------------------------------------------------------------- |
| `minLength` | `Integer` | `8` | The minimum number of characters this field will accept |
| `rejectCommon` | `Boolean` | `false` | Checks the password against a list of commonly used passwords |
| `workFactor` | `Integer` | `10` | Controls the processing time required to generate and validate hashes |
| `isRequired` | `Boolean` | `false` | Does this field require a value? |
| `useCompiledBcrypt` | `Boolean` | `false` | Use the compiled `bcrypt` package rather than `bcryptjs` |

#### `minLength`

Expand Down Expand Up @@ -77,6 +78,17 @@ Note the `workFactor` supplied is applied by the bcrypt algorithm as an exponent
As such, a work factor of 11 will cause passwords to take _twice_ as long to hash and validate as a work factor of 10.
A work factor of 12 will cause passwords to take _four times_ as long as 10. Etc.

#### `useCompiledBcrypt`

By default the [`bcryptjs`](https://www.npmjs.com/package/bcryptjs) package is used for computing and comparing hashes.
This package provides a javascript implementation of the `bcrypt` algorithm.
A compiled version of this algorithm is provided by the [`bcrypt`](https://www.npmjs.com/package/bcrypt) package.
Setting `{ userCompiledBcrypt: true }` will tell Keystone to use the compiled package.
If you use this flag you must include `bcrypt` in your package dependencies.

The compiled package provides a ~20% performance improvement, and avoids the thread blocking of the JavaScript implementation.
This comes with the trade off that the compiled package can be challenging to work with when working in some environments (e.g. Windows) or when trying to deploy code built in one environment onto a different environment (e.g. build on OSX to deploy in a Linux based lambda process).

### Auth Strategies

The `Password` field exposes a `compare()` function.
Expand Down

0 comments on commit e37290f

Please sign in to comment.