I currently use following set up to register new users:
// creates a new user
app.post('/users', function(req, res) {
// create new user
var user = new User();
// assign post
user.username = req.body.username;
user.email = req.body.email;
crypto.randomBytes(32, function(err, buf) {
if (err) throw err;
user.salt = buf.toString('hex');
crypto.pbkdf2(req.body.password, user.salt, 25000, 512, function(err, encodedPassword) {
if (err) throw err;
user.password = (encodedPassword.toString('hex')); // this line
user.save(function(err, user) {
if (!err) return res.send(err, 500);
return res.json(user);
});
}.bind(this));
});
});
Take a closer look at this line:
user.password = (encodedPassword.toString('hex'));
This should encode the password string (which looks like a binary one) into a hex string. For some reason this doesn't work.
Why not?
Byside: What encoding is recommand for salt and password storage (hex, binary, base64)?
It appears that if it's already a String, the toString('hex') won't work.
What I did was something like Buffer(encodedPassword, 'binary').toString('hex').