0

I am new to the meteor. I just created simple meteor app in which I want to save the user password as hashed string, not the plain password and I don't want to use accounts-password package. Following is my meteor method which one I am using for User insertion process.

Meteor.methods({'addRecord':function(user) {
    var checkCollection = Users.findOne({},{sort:{userId:-1}});
    if(typeof checkCollection != 'undefined' || checkCollection){
        currentId = Users.findOne({},{sort:{userId:-1}}).userId || "1";
        user.userId = (currentId * 1) + 1;

        bcrypt.genSalt(10, Meteor.bindEnvironment(function (err, salt) {
            if (err)
                return
            bcrypt.hash(user.password, salt, Meteor.bindEnvironment(function (err, hash) {
                if (err)
                    return;
                user.password = hash;
                Users.insert(user);
            }));
        })); 
        return user.userId;
    }
    else {
        user.userId = "1";
        Users.insert(user);
    }
    return 1;
   }
});

and following is my code in user signup route: 

Meteor.call("addRecord", newuser, function(err, result) {
        if(result) {
            console.log("Successfully added new record with auto_inc id " + result);
            Utility.response(context, 200, {
                'success': true,
                'error': false,
                'successText': 'Signup successful!'
            });
        } else {
            console.log(err);
            Utility.response(context, 200, {
                'success': false,
                'error': true,
                'successText': 'Signup failed!'
            });
        }
    });

but the code is not working, passwords get saved as same plain text.

Rohit Luthra
  • 1,256
  • 17
  • 27
  • 1
    Possible duplicate of [How do I return the response from an asynchronous call?](https://stackoverflow.com/questions/14220321/how-do-i-return-the-response-from-an-asynchronous-call) (you're inserting the record outside of the hasher callbacks, so the insert happens before the password gets set). – Joe Clay Aug 18 '17 at 12:47
  • Your comment is right but Actually, I am also looking for any other alternative of bcrypt in meteor app. – Rohit Luthra Aug 18 '17 at 12:58
  • Alternative as in a different hashing algorithm, or a different way to use bcrypt? I'd really recommend just using `accounts-password` unless you have a really good reason not to (or unless this is just a learning exercise). – Joe Clay Aug 18 '17 at 13:05
  • Please re-write the code correctly using asynchronous callbacks or promises first – CaptEmulation Aug 18 '17 at 13:13
  • I need multiple other fields in my user collection thats why I am not using `accounts-password`. – Rohit Luthra Aug 18 '17 at 13:15
  • 1
    Your user collection can have any fields you like. `accounts-password` has nothing to do with it. – tomsp Aug 18 '17 at 13:17
  • But as I saw in documentation http://docs.meteor.com/api/passwords.html and I thought there are only 4 default fields and there is no any way to add more fields and Email field is compulsory and I don't need email field in my user schema. – Rohit Luthra Aug 18 '17 at 13:18
  • The `profile` option can be used when creating a user to store arbitrary data. It's an object, you can put as many fields as you like in there. – Joe Clay Aug 18 '17 at 13:24
  • And what If I don't want email or username as a fields. So as you told I will use `profile` option for mobile number instead of email or username. – Rohit Luthra Aug 18 '17 at 13:26
  • And all other details I need to store will be under profile option and If I want them as separate fields similar to profile or password not as a part of profile. – Rohit Luthra Aug 18 '17 at 13:28
  • I updated my code to work fine by wrapping callbacks in Meteor.bindEnvironment. But I still I want to know any other native way to encrypt(hash) my password. – Rohit Luthra Aug 18 '17 at 13:39

0 Answers0