Skip to content

Commit

Permalink
Docs: Use Redwood's hashPassword() for loginToken hashing in the pass…
Browse files Browse the repository at this point in the history
…word-less dbAuth flow (#11566)
  • Loading branch information
antonmoiseev authored Sep 15, 2024
1 parent 6420e07 commit d924a72
Showing 1 changed file with 2 additions and 4 deletions.
6 changes: 2 additions & 4 deletions docs/docs/how-to/dbauth-passwordless.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ Now that you have the file, let's add the `generateToken` function.
```javascript {21} title="/api/src/services/users/users.js"
// add this import to the top of the file
import CryptoJS from 'crypto-js'
import { hashPassword } from '@redwoodjs/auth-dbauth-api'
// add this to the bottom of the file
export const generateLoginToken = async ({ email }) => {
try {
Expand All @@ -84,10 +85,7 @@ export const generateLoginToken = async ({ email }) => {
return sixDigitNumber.toString()
})()
console.log({ randomNumber }) // email the user this number
let salt = CryptoJS.lib.WordArray.random(30)
let loginToken = CryptoJS.PBKDF2(randomNumber, salt, {
keySize: 256 / 32,
}).toString()
let [loginToken, salt] = hashPassword(randomNumber)
// now we'll update the user with the new salt and loginToken
let loginTokenExpiresAt = new Date()
loginTokenExpiresAt.setMinutes(loginTokenExpiresAt.getMinutes() + 15)
Expand Down

0 comments on commit d924a72

Please sign in to comment.