diff --git a/packages/medusa/package.json b/packages/medusa/package.json
index a34567a91b..f989cd1575 100644
--- a/packages/medusa/package.json
+++ b/packages/medusa/package.json
@@ -71,7 +71,7 @@
 "randomatic": "^3.1.1",
 "redis": "^3.0.2",
 "resolve-cwd": "^3.0.0",
- "scrypt": "^6.0.3",
+ "scrypt-kdf": "^2.0.1",
 "winston": "^3.2.1"
 },
 "gitHead": "27d4e07c5251e43ba6be2d5fa35f1d5287b11043"
diff --git a/packages/medusa/src/services/auth.js b/packages/medusa/src/services/auth.js
index f867d52c4c..b97559228c 100644
--- a/packages/medusa/src/services/auth.js
+++ b/packages/medusa/src/services/auth.js
@@ -1,4 +1,4 @@
-import { verifyKdf } from "scrypt"
+import Scrypt from "scrypt-kdf"
 import { BaseService } from "medusa-interfaces"
 /**
@@ -23,8 +23,8 @@ class AuthService extends BaseService {
 * @return {bool} the result of the comparison
 */
 async comparePassword_(password, hash) {
- const buf = new Buffer(hash, "base64")
- return verifyKdf(buf, password)
+ const buf = Buffer.from(hash, "base64")
+ return Scrypt.verify(buf, password)
 }
 /**
diff --git a/packages/medusa/src/services/customer.js b/packages/medusa/src/services/customer.js
index 50f9c7a8bf..03397b785f 100644
--- a/packages/medusa/src/services/customer.js
+++ b/packages/medusa/src/services/customer.js
@@ -1,5 +1,5 @@
 import jwt from "jsonwebtoken"
-import { kdf } from "scrypt"
+import Scrypt from "scrypt-kdf"
 import _ from "lodash"
 import { Validator, MedusaError } from "medusa-core-utils"
 import { BaseService } from "medusa-interfaces"
@@ -166,7 +166,7 @@ class CustomerService extends BaseService {
 * @return hashed password
 */
 async hashPassword_(password) {
- const buf = await kdf(password, { N: 1, r: 1, p: 1 })
+ const buf = await Scrypt.kdf(password, { logN: 1, r: 1, p: 1 })
 return buf.toString("base64")
 }
diff --git a/packages/medusa/src/services/user.js b/packages/medusa/src/services/user.js
index 7e6a1da349..ae830f21b3 100644
--- a/packages/medusa/src/services/user.js
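Review bot: `comparePassword_` in auth.js passes whatever is stored straight to `Scrypt.verify`, which, as far as I know, rejects rather than resolving `false` when the decoded buffer is not a well-formed scrypt key (to be confirmed against the pinned scrypt-kdf version). A corrupted or non-scrypt `hash` would then surface as an unhandled rejection on the login path instead of a failed comparison. Handling it locally keeps the documented contract, e.g. `return Scrypt.verify(buf, password).catch(() => false)`, ideally with a log line so malformed records are noticed. The JSDoc, which starts above the hunk, says `@return {bool}`, but the method is `async`, so `@return {Promise<boolean>}` would be accurate.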
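Review bot: The cost parameters in `hashPassword_` in customer.js, `{ logN: 1, r: 1, p: 1 }`, set scrypt to N = 2 with the smallest block size, so the stored value offers almost no resistance to offline guessing if the hash column leaks. The commit carries the old setting over unchanged, and the new `hashPassword_` added to user.js repeats it. I would raise it to a real work factor, for example `const buf = await Scrypt.kdf(password, { logN: 15, r: 8, p: 1 })`, tuned to what the login path can afford. The scrypt key format records its parameters in the header, so already-stored hashes should still verify and can be rehashed at the next successful login. Keeping the parameters in one shared constant or helper would stop the two services drifting apart.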
+++ b/packages/medusa/src/services/user.js
@@ -1,5 +1,5 @@
 import _ from "lodash"
-import bcrypt from "bcrypt"
+import Scrypt from "scrypt-kdf"
 import jwt from "jsonwebtoken"
 import { Validator, MedusaError } from "medusa-core-utils"
 import { BaseService } from "medusa-interfaces"
@@ -133,6 +133,17 @@ class UserService extends BaseService {
 }
 return user
 }
+
+ /**
+ * Hashes a password
+ * @param {string} password - the value to hash
+ * @return hashed password
+ */
+ async hashPassword_(password) {
+ const buf = await Scrypt.kdf(password, { logN: 1, r: 1, p: 1 })
+ return buf.toString("base64")
+ }
+
 /**
 * Creates a user with username being validated.
 * Fails if email is not a valid format.
@@ -141,7 +152,7 @@ class UserService extends BaseService {
 */
 async create(user, password) {
 const validatedEmail = this.validateEmail_(user.email)
- const hashedPassword = await bcrypt.hash(password, 10)
+ const hashedPassword = await this.hashPassword_(password)
 user.email = validatedEmail
 user.password_hash = hashedPassword
 return this.userModel_.create(user).catch(err => {
diff --git a/packages/medusa/yarn.lock b/packages/medusa/yarn.lock
index 7e3b43998d..9ecd3f0d70 100644
--- a/packages/medusa/yarn.lock
+++ b/packages/medusa/yarn.lock
@@ -4804,11 +4804,6 @@ mute-stream@0.0.8: resolved "https://registry.yarnpkg.com/mute-stream/-/mute-stream-0.0.8.tgz#1630c42b2251ff81e2a283de96a5497ea92e5e0d" integrity sha512-nnbWWOkoWyUsTjKrhgD0dcz22mdkSnpYqbEjIm2nhwhuxlSkpywJmBo8h0ZqJdkp73mb90SssHkN4rsRaBAfAA== -nan@^2.0.8: - version "2.14.1" - resolved "https://registry.yarnpkg.com/nan/-/nan-2.14.1.tgz#d7be34dfa3105b91494c3147089315eff8874b01" - integrity sha512-isWHgVjnFjh2x2yuJ/tj3JbwoHu3UC2dX5G/88Cm24yB6YopVgxvBObDY7n5xW6ExmFhJpSEQqFPvq9zaXc8Jw== - nan@^2.12.1: version "2.14.0" resolved "https://registry.yarnpkg.com/nan/-/nan-2.14.0.tgz#7818f722027b2459a86f0295d434d1fc2336c52c"
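Review bot: Nothing in the `create` hunk of user.js handles accounts whose `password_hash` was written by the removed `bcrypt.hash(password, 10)` call. A bcrypt string is not a base64 scrypt key, so if user login goes through a scrypt comparison such as the one changed in auth.js, those users would stop authenticating after deploy; that path is not visible here, so this needs confirming. Either detect the legacy format at login (bcrypt hashes begin with `$2`), verify it with bcrypt and rehash with `hashPassword_` on success, or state in the release notes that existing user passwords must be reset. The body of `create` continues past the end of the hunk.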
@@ -5966,12 +5961,10 @@ saxes@^3.1.9: dependencies: xmlchars "^2.1.1" -scrypt@^6.0.3: - version "6.0.3" - resolved "https://registry.yarnpkg.com/scrypt/-/scrypt-6.0.3.tgz#04e014a5682b53fa50c2d5cce167d719c06d870d" - integrity sha1-BOAUpWgrU/pQwtXM4WfXGcBthw0= - dependencies: - nan "^2.0.8" +scrypt-kdf@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/scrypt-kdf/-/scrypt-kdf-2.0.1.tgz#3355224c52d398331b2cbf2b70a7be26b52c53e6" + integrity sha512-dMhpgBVJPDWZP5erOCwTjI6oAO9hKhFAjZsdSQ0spaWJYHuA/wFNF2weQQfsyCIk8eNKoLfEDxr3zAtM+gZo0Q== semver-diff@^2.0.0: version "2.1.0"