Why is the password not hashed?

I’m using Argon2 to hash my password; this is my code:

import { ForbiddenException, Injectable } from '@nestjs/common';
import { Prisma } from '@prisma/client';
import { PrismaService } from 'src/prisma/prisma.service';
import { AuthDto } from './dto';
import * as argon from 'argon2';

  async signup(authDto: AuthDto) {
    // generate the password hash
    const hash = await argon.hash(authDto.password);
    console.log(`The hashed password is ${authDto.password}`);

    // save the new user in the db
    try {
      const user = await this.prisma.user.create({
        data: {
          email: authDto.email,
          hash: authDto.password,
          firstname: '',
          lastname: '',
        },
      });
      //delete user.hash;
      // return the saved user
      return user;
    } catch (error) {
      // test if the error is coming from Prisma
      if (error instanceof Prisma.PrismaClientKnownRequestError) {
        // test if the field is duplicated (unique constraint violation)
        if (error.code === 'P2002') {
          throw new ForbiddenException('Credentials taken'); // NestJS exception
        }
      }
      throw error;
    }
  }

When I print my hashed password, I find that it is not hashed.

PS: I’m using NestJS as the Node.js backend framework, Manjaro Linux as the OS, and Argon2 as the hash library.

>Solution :

After hashing the password, you are still using the plaintext password for logging and for storing it in the Prisma db.
The variable hash contains the hashed password.

Change the code to use the hash instead of authDto.password.

const hash = await argon.hash(authDto.password);
console.log(`The hashed password is ${hash}`);
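
A guard that would catch the bug in the question before it reaches the database, as an added example (not code from the post or from the argon2 library): it parses the encoded string format that Argon2 libraries emit and refuses a value that is the plaintext or is not in that format. The names `parseArgon2Hash` and `assertStorableHash` are hypothetical, and the sample strings are constructed for illustration.

```typescript
// Common Argon2 encoded layout (version field present):
//   $argon2id$v=19$m=65536,t=3,p=4$<base64 salt>$<base64 digest>
const ARGON2_ENCODED =
  /^\$argon2(id|i|d)\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$/;

interface Argon2Params {
  variant: string;
  version: number;
  memoryKiB: number;
  timeCost: number;
  parallelism: number;
}

// Returns the parameters embedded in an encoded hash, or null when the
// value is not an Argon2 encoded string (e.g. a plaintext password).
function parseArgon2Hash(value: string): Argon2Params | null {
  const m = ARGON2_ENCODED.exec(value);
  if (m === null) return null;
  return {
    variant: 'argon2' + m[1],
    version: Number(m[2]),
    memoryKiB: Number(m[3]),
    timeCost: Number(m[4]),
    parallelism: Number(m[5]),
  };
}

// Call on the value about to be written to the `hash` column.
// Throws instead of letting a plaintext password be persisted.
function assertStorableHash(candidate: string, plaintext: string): string {
  if (candidate === plaintext) {
    throw new Error('refusing to store the plaintext password');
  }
  if (parseArgon2Hash(candidate) === null) {
    throw new Error('value is not an Argon2 encoded hash');
  }
  return candidate;
}

// Constructed sample values (format only, not output captured from the post).
const SAMPLE_PLAINTEXT = 'hunter2';
const SAMPLE_HASH =
  '$argon2id$v=19$m=65536,t=3,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG';
```

In the `signup` method this would wrap the stored value, e.g. `hash: assertStorableHash(hash, authDto.password)`, so the original mistake fails loudly instead of silently saving the plaintext.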