Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:01,120 --> 00:00:02,370
So in this lecture,
2
00:00:02,370 --> 00:00:06,430
we're gonna manage our users passwords in the database.
3
00:00:06,430 --> 00:00:08,790
And by that I mean to first validate
4
00:00:08,790 --> 00:00:12,660
if the inputted password is equal to the confirmed password
5
00:00:12,660 --> 00:00:16,379
and then also to encrypt the password in the database
6
00:00:16,379 --> 00:00:18,633
in order to secure it against attacks.
7
00:00:20,320 --> 00:00:22,330
And so the first thing that we're gonna do
8
00:00:22,330 --> 00:00:26,690
is to validate if the two inputted passwords are the same.
9
00:00:26,690 --> 00:00:28,840
And the best place to do that is here
10
00:00:28,840 --> 00:00:31,760
in the confirm password, okay?
11
00:00:31,760 --> 00:00:36,283
And so let's write our custom validator for that, all right?
12
00:00:38,480 --> 00:00:41,890
So remember, we use the validate property
13
00:00:41,890 --> 00:00:44,270
and then since we want to create a function
14
00:00:44,270 --> 00:00:48,420
and also an error message, let's open a new object here
15
00:00:49,480 --> 00:00:51,990
and then in there create validator,
16
00:00:51,990 --> 00:00:53,920
which is gonna be the function
17
00:00:53,920 --> 00:00:56,370
and let's actually start with this one.
18
00:00:56,370 --> 00:00:58,780
So, remember, all we need here is to specify
19
00:00:58,780 --> 00:01:01,770
a simple callback function which is then gonna be called
20
00:01:01,770 --> 00:01:03,853
when the new document is created.
21
00:01:04,940 --> 00:01:06,163
So, function,
22
00:01:07,210 --> 00:01:10,320
and here again, we cannot use an arrow function
23
00:01:10,320 --> 00:01:13,183
because we actually need to use the disk keyword.
24
00:01:14,690 --> 00:01:15,523
Okay?
25
00:01:16,560 --> 00:01:19,180
So, remember that from the validator function
26
00:01:19,180 --> 00:01:21,470
we return either true or false
27
00:01:21,470 --> 00:01:23,960
and if the return value is false,
28
00:01:23,960 --> 00:01:27,550
then it means that we're gonna get a validation error, okay?
29
00:01:27,550 --> 00:01:29,630
And, of course, if it's true, then not.
30
00:01:29,630 --> 00:01:33,820
And so what we want here is to say that the current element
31
00:01:33,820 --> 00:01:37,643
so, password confirm, is equal to this dot password,
32
00:01:37,643 --> 00:01:40,760
so, password confirm, is equal to this dot password,
33
00:01:40,760 --> 00:01:42,350
and that's actually it!
34
00:01:42,350 --> 00:01:46,510
So, for example, if password confirm is A-B-C,
35
00:01:46,510 --> 00:01:49,520
and password is also A-B-C,
36
00:01:49,520 --> 00:01:52,530
then this will of course return true, all right?
37
00:01:52,530 --> 00:01:54,330
And so then the validation is passed
38
00:01:54,330 --> 00:01:56,550
and no error will occur.
39
00:01:56,550 --> 00:02:00,440
But, if the initial password is, let's say, X-Y-Z,
40
00:02:00,440 --> 00:02:02,860
well then of course this is gonna return false
41
00:02:02,860 --> 00:02:05,820
and we're gonna have a validation error, okay?
42
00:02:05,820 --> 00:02:08,660
So, very simple, but we need to keep in mind
43
00:02:08,660 --> 00:02:12,320
that this is only gonna work on save, okay?
44
00:02:12,320 --> 00:02:13,950
So I talked about that before
45
00:02:13,950 --> 00:02:17,840
when we used the custom validator on the tour model, right?
46
00:02:17,840 --> 00:02:19,740
But I'm reminding you of that here again
47
00:02:19,740 --> 00:02:24,120
because this is absolutely crucial here in this point, okay?
48
00:02:24,120 --> 00:02:26,423
So let me actually write it down here for you.
49
00:02:27,739 --> 00:02:29,010
(keyboard clicking)
50
00:02:29,010 --> 00:02:30,410
On
51
00:02:30,410 --> 00:02:32,050
save.
52
00:02:32,050 --> 00:02:32,883
Okay?
53
00:02:32,883 --> 00:02:35,740
And for this reason, whenever we want to update a user,
54
00:02:35,740 --> 00:02:38,250
we will always have to use save as well
55
00:02:38,250 --> 00:02:41,010
and not, for example, find one and update
56
00:02:41,010 --> 00:02:43,310
like we did with our tours, okay?
57
00:02:43,310 --> 00:02:45,570
So let's keep this in mind when we write
58
00:02:45,570 --> 00:02:48,730
the rest of the code throughout the rest of the section
59
00:02:48,730 --> 00:02:51,670
and especially for updating, okay?
60
00:02:51,670 --> 00:02:54,400
Because let's say that we updated the user's password
61
00:02:54,400 --> 00:02:56,320
simply with a regular update.
62
00:02:56,320 --> 00:02:58,910
Then in that case, this password confirm validation
63
00:02:58,910 --> 00:03:01,540
that we have here would no longer work, okay?
64
00:03:01,540 --> 00:03:04,670
And of course that cannot happen, okay?
65
00:03:04,670 --> 00:03:08,410
And so, again, keep in mind that this will only work
66
00:03:08,410 --> 00:03:12,920
when we create a new object, so on dot create, or on save.
67
00:03:12,920 --> 00:03:13,753
Okay?
68
00:03:13,753 --> 00:03:15,524
So, on create and save,
69
00:03:15,524 --> 00:03:18,550
So, on create and save,
70
00:03:18,550 --> 00:03:19,383
All right?
71
00:03:19,383 --> 00:03:22,830
So we create new object using create, right?
72
00:03:22,830 --> 00:03:25,431
So, right here, used a dot create
73
00:03:25,431 --> 00:03:27,100
So, right here, used a dot create
74
00:03:27,100 --> 00:03:28,463
but remember how I also showed you
75
00:03:28,463 --> 00:03:31,143
that we can use a user dot save,
76
00:03:33,100 --> 00:03:35,160
like this, right?
77
00:03:35,160 --> 00:03:38,470
And in fact, we can also use a user dot save
78
00:03:38,470 --> 00:03:41,550
in order to update the user, all right?
79
00:03:41,550 --> 00:03:43,593
But again, more about it a bit later.
80
00:03:44,820 --> 00:03:45,810
Okay?
81
00:03:45,810 --> 00:03:50,063
So let's now actually try out this validation here, okay?
82
00:03:51,230 --> 00:03:53,280
So first of all, let's actually
83
00:03:53,280 --> 00:03:55,210
just try to create a new user
84
00:03:55,210 --> 00:03:57,660
with this data here which should not work
85
00:03:57,660 --> 00:04:01,020
because we already have a user with this email address
86
00:04:01,020 --> 00:04:03,290
and we said that this one should be unique
87
00:04:03,290 --> 00:04:04,590
and so it should not work.
88
00:04:06,330 --> 00:04:10,276
Okay, and so of course our duplicate key error, right?
89
00:04:10,276 --> 00:04:12,210
Okay, and so of course our duplicate key error, right?
90
00:04:12,210 --> 00:04:14,170
Now if you were in production, then of course
91
00:04:14,170 --> 00:04:17,040
we already would get our nicely formatted error
92
00:04:17,040 --> 00:04:19,620
that we created in the last section, right?
93
00:04:19,620 --> 00:04:23,730
But right now we are in development and so that's the error
94
00:04:23,730 --> 00:04:25,383
that we defined we want to see.
95
00:04:26,510 --> 00:04:27,343
Okay?
96
00:04:28,440 --> 00:04:30,890
So let's simply use another email here
97
00:04:30,890 --> 00:04:33,060
and since we're working on the email here,
98
00:04:33,060 --> 00:04:36,593
let's also see how the email address validation works.
99
00:04:37,650 --> 00:04:40,833
So let's say that we specified this as our email.
100
00:04:42,190 --> 00:04:46,830
And so, we see the error, "please provide a valid email."
101
00:04:46,830 --> 00:04:47,663
Okay?
102
00:04:48,660 --> 00:04:51,320
So let's test it just like this because I think that this
103
00:04:51,320 --> 00:04:53,120
should also not be valid.
104
00:04:53,120 --> 00:04:55,043
Maybe it is, but let's see.
105
00:04:56,170 --> 00:04:57,840
And yeah, actually it's not because
106
00:04:57,840 --> 00:05:01,050
there are no domain names with only one letter, okay?
107
00:05:01,050 --> 00:05:03,990
And so this validator is pretty specific
108
00:05:03,990 --> 00:05:05,890
so it's really good.
109
00:05:05,890 --> 00:05:09,080
Now if we do it like this, then of course it should work.
110
00:05:09,080 --> 00:05:11,000
But anyway, what we wanted to test here
111
00:05:11,000 --> 00:05:13,860
is these different passwords, okay?
112
00:05:13,860 --> 00:05:15,460
And I remember now that we actually
113
00:05:15,460 --> 00:05:18,493
didn't create an error message, I believe.
114
00:05:19,430 --> 00:05:21,070
And yeah, we didn't.
115
00:05:21,070 --> 00:05:22,993
And so, let's add that here as well.
116
00:05:25,120 --> 00:05:26,113
So message,
117
00:05:28,510 --> 00:05:29,510
are not
118
00:05:30,930 --> 00:05:31,803
the same.
119
00:05:32,900 --> 00:05:33,733
Okay.
120
00:05:35,580 --> 00:05:38,390
So let's add something here, doesn't matter.
121
00:05:38,390 --> 00:05:42,613
And so now, passwords are not the same, okay?
122
00:05:43,460 --> 00:05:45,233
So perfect.
123
00:05:45,233 --> 00:05:48,333
And now of course our validation should be passed.
124
00:05:49,640 --> 00:05:53,690
And indeed, it is and we created our new user.
125
00:05:53,690 --> 00:05:55,900
Let's head over to Compass here,
126
00:05:55,900 --> 00:05:58,640
take a look, and then actually delete it
127
00:05:58,640 --> 00:06:02,953
so that I can later create more users with the same email.
128
00:06:04,330 --> 00:06:05,163
All right?
129
00:06:05,163 --> 00:06:07,310
And we don't want all this junk here anyway
130
00:06:07,310 --> 00:06:09,990
so all these test users, okay?
131
00:06:09,990 --> 00:06:13,330
But now, the next step is to actually encrypt
132
00:06:13,330 --> 00:06:15,560
these plain passwords that we are storing
133
00:06:15,560 --> 00:06:17,570
in our database right now.
134
00:06:17,570 --> 00:06:19,940
So, as I mentioned in the last video,
135
00:06:19,940 --> 00:06:21,950
when we are working with authentication,
136
00:06:21,950 --> 00:06:24,220
one of the most fundamental principles
137
00:06:24,220 --> 00:06:29,090
is to never ever store plain passwords in a database, okay?
138
00:06:29,090 --> 00:06:33,170
So that is something that's absolutely not acceptable, okay?
139
00:06:33,170 --> 00:06:36,650
So we should really always encrypt user's passwords
140
00:06:36,650 --> 00:06:38,510
because imagine that for some reason,
141
00:06:38,510 --> 00:06:41,250
a hacker gets access to the database.
142
00:06:41,250 --> 00:06:44,880
If then the passwords are stored in plain text in there,
143
00:06:44,880 --> 00:06:47,550
then he can simply login as any user
144
00:06:47,550 --> 00:06:49,720
and then do whatever he really wants
145
00:06:49,720 --> 00:06:52,730
and cause a lot of damage in some cases, okay?
146
00:06:52,730 --> 00:06:55,770
And so we need to absolutely prevent that.
147
00:06:55,770 --> 00:06:58,563
And so let's now go ahead and implement this.
148
00:06:59,870 --> 00:07:03,610
Now, where is the best place to actually do that?
149
00:07:03,610 --> 00:07:07,270
Well, I would argue that the model is always the best place
150
00:07:07,270 --> 00:07:10,160
to do this kind of functionality.
151
00:07:10,160 --> 00:07:12,110
So in this case, the encryption
152
00:07:12,110 --> 00:07:14,960
because it really has to do with the data itself
153
00:07:14,960 --> 00:07:16,730
and so it should be on the model
154
00:07:16,730 --> 00:07:19,070
and not in the controller, okay?
155
00:07:19,070 --> 00:07:22,022
So again, keep the fat models, thin controllers
156
00:07:22,022 --> 00:07:24,040
philosophy in mind here.
157
00:07:24,040 --> 00:07:24,873
All right?
158
00:07:27,260 --> 00:07:31,170
So how are we gonna now implement this encryption?
159
00:07:31,170 --> 00:07:33,660
Well, this is another perfect use case
160
00:07:33,660 --> 00:07:36,050
for using Mongoose middleware.
161
00:07:36,050 --> 00:07:37,430
And the one that we're gonna use
162
00:07:37,430 --> 00:07:39,210
is a pre-save middleware.
163
00:07:39,210 --> 00:07:42,630
So basically document middleware, okay?
164
00:07:42,630 --> 00:07:47,630
So, remember that we defined that on the schema, okay?
165
00:07:47,760 --> 00:07:50,130
And in this case, we want to set a pre-hook,
166
00:07:50,130 --> 00:07:52,928
so a pre-middleware on save, all right?
167
00:07:52,928 --> 00:07:54,490
so a pre-middleware on save, all right?
168
00:07:54,490 --> 00:07:56,750
And the reason why we're doing it like this
169
00:07:56,750 --> 00:07:58,320
is that the middleware function
170
00:07:58,320 --> 00:08:01,240
that we're gonna specify here, so the encryption,
171
00:08:01,240 --> 00:08:03,660
is then gonna be happened between the moment
172
00:08:03,660 --> 00:08:05,990
that we receive that data and the moment
173
00:08:05,990 --> 00:08:09,340
where it's actually persisted to the database, okay?
174
00:08:09,340 --> 00:08:12,200
So that's where the pre-save middleware runs.
175
00:08:12,200 --> 00:08:15,600
Between getting the data and saving it to the database.
176
00:08:15,600 --> 00:08:19,210
And so that's the perfect time to manipulate the data.
177
00:08:19,210 --> 00:08:20,420
All right?
178
00:08:20,420 --> 00:08:21,253
So,
179
00:08:22,480 --> 00:08:26,010
a function, and then remember we have access
180
00:08:26,010 --> 00:08:29,740
to the next function in order to call the next middleware.
181
00:08:29,740 --> 00:08:33,220
Okay, now we actually only want to encrypt the password
182
00:08:33,220 --> 00:08:37,400
if the password field has actually been updated, okay?
183
00:08:37,400 --> 00:08:40,900
So basically only when really the password is changed
184
00:08:40,900 --> 00:08:43,370
or also when it's created new, all right?
185
00:08:43,370 --> 00:08:46,890
Because imagine the user is only updating the email.
186
00:08:46,890 --> 00:08:48,340
Then in that case, of course,
187
00:08:48,340 --> 00:08:51,760
we do not want to encrypt the password again, right?
188
00:08:51,760 --> 00:08:54,420
And so we can do that with Mongoose.
189
00:08:54,420 --> 00:08:58,130
And so we're gonna say, if and then this,
190
00:08:58,130 --> 00:09:00,840
which refers to the current document, right?
191
00:09:00,840 --> 00:09:03,070
And so in this case, to the current user
192
00:09:03,070 --> 00:09:04,583
and then is modified.
193
00:09:06,690 --> 00:09:07,523
Okay?
194
00:09:07,523 --> 00:09:10,670
So we have a method on all documents which we can use
195
00:09:10,670 --> 00:09:13,260
if a certain field has been modified.
196
00:09:13,260 --> 00:09:16,270
And so here, we need to pass in the name of the field,
197
00:09:16,270 --> 00:09:17,940
so "password."
198
00:09:17,940 --> 00:09:18,773
Okay?
199
00:09:18,773 --> 00:09:21,080
And so basically, what we want to do here
200
00:09:21,080 --> 00:09:24,440
is to say that if the password has not been modified,
201
00:09:24,440 --> 00:09:27,540
so not, then in that case, let's simply
202
00:09:27,540 --> 00:09:30,520
return from this function and not run
203
00:09:30,520 --> 00:09:32,320
any of the other code that's in here
204
00:09:33,160 --> 00:09:34,863
and then call the next middleware.
205
00:09:35,834 --> 00:09:36,667
Okay?
206
00:09:37,930 --> 00:09:41,170
So again, if the password has not been modified,
207
00:09:41,170 --> 00:09:42,810
then let's just exit this function
208
00:09:42,810 --> 00:09:44,600
and call the next middleware.
209
00:09:44,600 --> 00:09:46,770
Otherwise we will then run the code
210
00:09:46,770 --> 00:09:48,580
that I'm gonna put in here.
211
00:09:48,580 --> 00:09:51,270
And so now it's finally time to actually encrypt,
212
00:09:51,270 --> 00:09:55,200
or as we can also say, to hash the password, okay?
213
00:09:55,200 --> 00:09:58,490
So you will see the term "hash" or "hashing" all the time
214
00:09:58,490 --> 00:10:01,890
and so that basically means encryption as well, okay?
215
00:10:01,890 --> 00:10:05,440
Now we are gonna do this encryption, or hashing,
216
00:10:05,440 --> 00:10:08,580
using a very well-known and well-studied
217
00:10:08,580 --> 00:10:13,230
and very popular hashing algorithm called bcrypt.
218
00:10:13,230 --> 00:10:14,290
Okay?
219
00:10:14,290 --> 00:10:18,200
So this algorithm will first salt then hash our password
220
00:10:18,200 --> 00:10:21,130
in order to make it really strong to protect it
221
00:10:21,130 --> 00:10:23,760
against bruteforce attacks, all right?
222
00:10:23,760 --> 00:10:25,280
And so that's the whole reason
223
00:10:25,280 --> 00:10:27,600
why encryption needs to be really strong.
224
00:10:27,600 --> 00:10:30,360
Because bruteforce attacks could try to guess
225
00:10:30,360 --> 00:10:34,040
a certain passwords if it's not really strong encrypted.
226
00:10:34,040 --> 00:10:37,990
And remember how I said that bcrypt will salt our password
227
00:10:37,990 --> 00:10:40,950
and that just means that it's gonna add a random string
228
00:10:40,950 --> 00:10:44,500
to the password so that two equal passwords
229
00:10:44,500 --> 00:10:47,430
do not generate the same hash, okay?
230
00:10:47,430 --> 00:10:48,490
Make sense?
231
00:10:48,490 --> 00:10:51,520
Now I'm not gonna go into all the cryptographic details
232
00:10:51,520 --> 00:10:53,940
on how this really works behind the scenes
233
00:10:53,940 --> 00:10:56,850
and why we need such a complex system, okay?
234
00:10:56,850 --> 00:11:00,140
But of course you can read all you want about bcrypt online.
235
00:11:00,140 --> 00:11:02,830
There's really a ton of interesting stuff
236
00:11:02,830 --> 00:11:05,290
to discover there, all right?
237
00:11:05,290 --> 00:11:09,270
Anyway, let's now go ahead and use the bcrypt js package
238
00:11:09,270 --> 00:11:12,133
in order to use this algorithm.
239
00:11:13,790 --> 00:11:14,623
So,
240
00:11:15,560 --> 00:11:16,393
so npm install
241
00:11:16,393 --> 00:11:17,660
so npm install
242
00:11:19,156 --> 00:11:19,989
bcryptjs.
243
00:11:19,989 --> 00:11:20,822
bcryptjs.
244
00:11:20,822 --> 00:11:21,655
bcryptjs.
245
00:11:21,655 --> 00:11:22,488
Okay?
246
00:11:22,488 --> 00:11:25,410
And so this basically is a bcrypt implementation
247
00:11:25,410 --> 00:11:26,713
for Javascript.
248
00:11:27,650 --> 00:11:28,750
Okay?
249
00:11:28,750 --> 00:11:30,720
Let's go back to our main terminal
250
00:11:32,550 --> 00:11:34,513
and then go ahead and import it here.
251
00:11:36,092 --> 00:11:38,972
And this one is by default only called bcrypt, okay?
252
00:11:38,972 --> 00:11:40,820
And this one is by default only called bcrypt, okay?
253
00:11:40,820 --> 00:11:41,873
And not bcryptjs.
254
00:11:42,889 --> 00:11:45,889
(keyboard clicking)
255
00:11:49,330 --> 00:11:50,163
All right.
256
00:11:53,360 --> 00:11:54,193
All right.
257
00:11:54,193 --> 00:11:56,033
And now, let's actually use it.
258
00:11:56,970 --> 00:12:00,293
So, we want to say that this dot password,
259
00:12:01,370 --> 00:12:03,510
so the current password in this document
260
00:12:04,590 --> 00:12:07,381
should be equal to bcrypt dot hash
261
00:12:07,381 --> 00:12:10,214
should be equal to bcrypt dot hash
262
00:12:11,600 --> 00:12:13,100
and then our current password.
263
00:12:14,640 --> 00:12:15,473
Okay?
264
00:12:15,473 --> 00:12:19,600
And then in here we need to specify a cost parameter, okay?
265
00:12:19,600 --> 00:12:22,100
And we could actually do this in two ways.
266
00:12:22,100 --> 00:12:25,700
So the first way will to be manually generating the salt,
267
00:12:25,700 --> 00:12:27,740
so that random string basically,
268
00:12:27,740 --> 00:12:29,727
that is gonna be added to our password
269
00:12:29,727 --> 00:12:33,770
and then use that salt here in this hash function.
270
00:12:33,770 --> 00:12:34,603
All right?
271
00:12:34,603 --> 00:12:36,480
But instead, to make it a bit easier,
272
00:12:36,480 --> 00:12:39,260
we can also simply pass a cost parameter
273
00:12:39,260 --> 00:12:40,620
into this function here.
274
00:12:40,620 --> 00:12:42,920
And so that is basically a measure
275
00:12:42,920 --> 00:12:47,360
of how CPU intensive this operation will be, all right?
276
00:12:47,360 --> 00:12:50,230
And the default value here I believe is 10,
277
00:12:50,230 --> 00:12:53,130
but right now it's a bit better actually to use 12
278
00:12:53,130 --> 00:12:55,810
because computers have become more and more powerful.
279
00:12:55,810 --> 00:12:58,800
So like 20 years ago, you could have used eight here
280
00:12:58,800 --> 00:13:01,170
and then a bit later than 10,
281
00:13:01,170 --> 00:13:04,670
but right now at this point in time, it's best to use 12.
282
00:13:04,670 --> 00:13:06,610
And so the higher this cost here,
283
00:13:06,610 --> 00:13:09,610
basically the more CPU intensive the process will be
284
00:13:09,610 --> 00:13:13,350
and the better the password will be encrypted, okay?
285
00:13:13,350 --> 00:13:15,070
And of course we could go even higher,
286
00:13:15,070 --> 00:13:17,750
but then it would take way too long, all right?
287
00:13:17,750 --> 00:13:20,330
And I will show that to you in a second.
288
00:13:20,330 --> 00:13:21,163
Okay?
289
00:13:21,163 --> 00:13:22,910
But for now, let's actually finish this
290
00:13:22,910 --> 00:13:26,060
because there is one thing left here.
291
00:13:26,060 --> 00:13:29,040
So this hash here is actually the asynchronous version,
292
00:13:29,040 --> 00:13:31,440
but there also is a synchronous version.
293
00:13:31,440 --> 00:13:33,960
But as you already know, we do not want to use
294
00:13:33,960 --> 00:13:35,313
the synchronous version because
295
00:13:35,313 --> 00:13:38,810
that will block the event loop and then prevent other users
296
00:13:38,810 --> 00:13:41,000
from using the application.
297
00:13:41,000 --> 00:13:43,350
So just like we learned in the beginning.
298
00:13:43,350 --> 00:13:45,230
And so of course we want to use
299
00:13:45,230 --> 00:13:48,130
the asynchronous version which is this one.
300
00:13:48,130 --> 00:13:50,210
And this will then return a promise
301
00:13:50,210 --> 00:13:53,860
and that promise, of course, we need to await.
302
00:13:53,860 --> 00:13:58,860
And so, we need to use await and then say that this function
303
00:13:58,960 --> 00:14:02,513
is an async function, just like this.
304
00:14:04,730 --> 00:14:06,860
So, let's recap that here.
305
00:14:06,860 --> 00:14:09,780
So, we want to set our current password
306
00:14:09,780 --> 00:14:14,780
basically to encrypt this version of the original password
307
00:14:14,780 --> 00:14:17,500
with a cost of 12, not to make it too easy
308
00:14:17,500 --> 00:14:21,690
to break the password, but also not to make the application
309
00:14:21,690 --> 00:14:25,423
take too long for encrypting the password, all right?
310
00:14:25,423 --> 00:14:27,920
So with this, we encrypted our password
311
00:14:27,920 --> 00:14:30,070
and now in the end, what we need to do
312
00:14:30,070 --> 00:14:33,840
is to basically delete the confirm password, all right?
313
00:14:33,840 --> 00:14:35,670
Because at this point in time,
314
00:14:35,670 --> 00:14:38,663
we only have the real password hashed, right?
315
00:14:40,560 --> 00:14:42,489
So, this dot password confirm,
316
00:14:42,489 --> 00:14:43,643
So, this dot password confirm,
317
00:14:43,643 --> 00:14:45,980
and how we basically delete the field,
318
00:14:45,980 --> 00:14:48,740
so not to be persisted in the database
319
00:14:48,740 --> 00:14:51,440
is to set it to undefined.
320
00:14:51,440 --> 00:14:52,400
All right?
321
00:14:52,400 --> 00:14:55,970
So, we really only need this password confirm here
322
00:14:55,970 --> 00:14:58,950
for the validation that we implemented before.
323
00:14:58,950 --> 00:15:00,730
So just to make sure that the user
324
00:15:00,730 --> 00:15:03,160
actually inputted two equal passwords
325
00:15:03,160 --> 00:15:06,660
so that he doesn't make any mistakes with his password.
326
00:15:06,660 --> 00:15:07,590
Right?
327
00:15:07,590 --> 00:15:10,300
And so after this validation was successful,
328
00:15:10,300 --> 00:15:13,060
we actually no longer need this field
329
00:15:13,060 --> 00:15:16,710
so we really do not want to persist it to the database.
330
00:15:16,710 --> 00:15:20,130
And so that's why we simply set it here to undefined.
331
00:15:20,130 --> 00:15:21,150
All right?
332
00:15:21,150 --> 00:15:23,220
Now you might wonder why this works
333
00:15:23,220 --> 00:15:25,920
because we actually set password confirm
334
00:15:25,920 --> 00:15:27,800
to a required, right?
335
00:15:27,800 --> 00:15:30,750
But that simply means that it's a required input,
336
00:15:30,750 --> 00:15:33,650
not that it's required to actually be persisted
337
00:15:33,650 --> 00:15:35,149
to the database, okay?
338
00:15:35,149 --> 00:15:36,982
to the database, okay?
339
00:15:38,393 --> 00:15:42,390
Now, just to finish, we of course need to also call next.
340
00:15:42,390 --> 00:15:43,240
Okay?
341
00:15:43,240 --> 00:15:44,290
Let's give it a save.
342
00:15:45,640 --> 00:15:47,440
And actually I'm gonna add some comments here
343
00:15:47,440 --> 00:15:49,370
to make it really clear for you.
344
00:15:49,370 --> 00:15:52,400
So basically what this does, is to only run
345
00:15:54,180 --> 00:15:55,050
this function
346
00:15:56,160 --> 00:15:57,190
if password
347
00:15:58,930 --> 00:16:00,533
was actually modified.
348
00:16:05,070 --> 00:16:05,903
Then here,
349
00:16:08,840 --> 00:16:11,803
hash the password with cost of 12.
350
00:16:14,785 --> 00:16:16,300
And then,
351
00:16:16,300 --> 00:16:19,443
delete the password confirm field.
352
00:16:20,750 --> 00:16:21,583
Okay.
353
00:16:21,583 --> 00:16:24,453
And now, let's go ahead and test this.
354
00:16:25,660 --> 00:16:29,590
And I will now create a new user with exactly this data
355
00:16:29,590 --> 00:16:32,470
and let's now take a look at the result.
356
00:16:32,470 --> 00:16:36,460
And indeed, we now get this very weird looking password
357
00:16:36,460 --> 00:16:40,163
which indeed is the encrypted version of pass1234.
358
00:16:41,410 --> 00:16:45,580
And also, as you see, password confirm is no longer here.
359
00:16:45,580 --> 00:16:46,413
Okay?
360
00:16:46,413 --> 00:16:48,930
And so just like this, we now stored users
361
00:16:48,930 --> 00:16:51,353
in a secure way in our database.
362
00:16:52,280 --> 00:16:55,310
Let me now just show you how it will work
363
00:16:55,310 --> 00:16:58,233
if we, for example, set it to 16 here.
364
00:17:00,740 --> 00:17:02,540
And I need to change the email here.
365
00:17:03,540 --> 00:17:07,119
And so that should now take a lot of time
366
00:17:07,119 --> 00:17:09,180
and I'm not sure if I can even wait.
367
00:17:09,180 --> 00:17:12,490
Oh, actually it took like four and a half seconds.
368
00:17:12,490 --> 00:17:17,319
But that's still a bit too much I believe, okay?
369
00:17:17,319 --> 00:17:18,980
So,
370
00:17:18,980 --> 00:17:20,329
let's set it back to 12
371
00:17:21,410 --> 00:17:24,507
and so that should be better, okay?
372
00:17:24,507 --> 00:17:26,670
And now let's just, again, delete
373
00:17:26,670 --> 00:17:29,630
these users here that we just created.
374
00:17:29,630 --> 00:17:32,110
And actually I need to get rid of this first one
375
00:17:32,110 --> 00:17:36,000
because this one still has the password in plain text.
376
00:17:36,000 --> 00:17:38,090
And so this user is not gonna work
377
00:17:38,090 --> 00:17:40,370
when we start to actually login users
378
00:17:40,370 --> 00:17:42,621
based on their password.
379
00:17:42,621 --> 00:17:44,250
Okay?
380
00:17:44,250 --> 00:17:45,743
So let's get rid of this.
381
00:17:52,780 --> 00:17:54,060
Okay?
382
00:17:54,060 --> 00:17:56,170
And also what I wanted to show you here
383
00:17:57,510 --> 00:17:59,880
is that we put in the exact same password
384
00:17:59,880 --> 00:18:02,390
for these two users that we created, right?
385
00:18:02,390 --> 00:18:04,520
But you see that the encrypted password
386
00:18:04,520 --> 00:18:07,630
is actually very different, right?
387
00:18:07,630 --> 00:18:09,820
And so that's the power of salting the password
388
00:18:09,820 --> 00:18:11,043
before hashing it.
389
00:18:12,220 --> 00:18:13,060
All right?
390
00:18:13,060 --> 00:18:17,250
So just like this, we, again, implemented a very secure
391
00:18:17,250 --> 00:18:19,313
and good password management.
30026
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.