Secure Password Creation with Prisma
00:00 We're gonna use bcrypt to create our password. So let's go to our seed right here and let's go down to Cody first. I like to update Cody's password first, right here. So we're gonna add a password field right here. And this is again, another model. So we're gonna have a create and then that's gonna have a hash and we're gonna generate this hash
00:19 the same way we want to generate it in our application. That's using bcrypt and bcrypt, yeah, sure. Hash sync, Cody loves you, that's perfect. With an iteration cycle of 10, so that works fine. But yeah, we need to bring in bcrypt.
00:35 So let's come up here, import bcrypt from bcrypt. There we go. And that should do it for us. So we can create a string or a hash of our password and that takes care of that. But we're gonna be doing this in a couple other places, not only inside of this file,
00:57 but also in our tests in the future. So I have a little place for us to do that. We're gonna go into our test directory and we have this dbutils. That's where our create user was moved to. And we're gonna make a function here called create password.
01:14 This is gonna take a password that's of type string and we're gonna default it to faker.internet password. So that way, if you don't pass us a password, that's fine. We'll just make one for you. And then return what you need to create a password. So that's just the hash with bcrypt and iteration of 10.
01:34 So let's grab that import of bcrypt, stick that right there. And then instead of using bcrypt here, we can simply say create password. Create password. We're gonna need to export that. Yep, there we go, export.
01:51 Okay, create password from our dbutils and Cody loves you. There it is. And then for our user create right here, we can say password, create, create password, and we'll do the user's username.
02:12 And that works out perfectly. So now we can run our seed script, npx prisma db seed. And that should just take a moment. And once that's finished, we can take a look at our data right here and we should see passwords. Ta-da, that's what it looks like. It's amazing. The password that's generated by bcrypt
02:36 actually has the hash and the salt combined into one field. So that's why we don't have to worry about storing the salt separately. They stick it into one. And that way it's nice and secure based on a really long-lived algorithm for, and battle-tested algorithm for storing passwords securely.
02:56 So even if somebody managed to get access to our data, they would have a very difficult time cracking these passwords. It's always possible. Like no, don't listen to anybody who says it's impossible to crack something like this, but it is so difficult that nobody would be likely to try. So a quick review.
03:16 All that we did was we have this util create password. It uses bcrypt to create a hash of the password that is given. And then in our seed script, we add a password to our user create to create a password for our users that we're seeding. So we're getting a little bit closer
03:35 to having the ability to verify the password. And that's what we're gonna be doing next.
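As an added illustration of the "hash and salt combined into one field" point above (this is not code from the lesson or its repo): a small parser for the bcrypt string that ends up in the `password.hash` column, plus a check that seeded or test data never stores plaintext or a cost below the lesson's 10. It uses no dependencies; the sample hash is constructed to have the right shape and is not a real hash of any password.

```javascript
// Added example, not part of the lesson: parse the bcrypt modular-crypt string
// ($2b$<cost>$<22-char salt><31-char digest>) and enforce a minimum cost.
// Assumes only Node built-ins; no bcrypt package is required to inspect a hash.

const BCRYPT_RE = /^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/;

// Split a stored bcrypt hash into its parts.
// Returns null when the string is not a well-formed bcrypt hash.
function parseBcryptHash(stored) {
  const m = BCRYPT_RE.exec(stored);
  if (!m) return null;
  return {
    version: m[1],      // "2b" for current bcrypt implementations
    cost: Number(m[2]), // log2 of the iteration count: 10 -> 1024 rounds
    salt: m[3],         // 16 random bytes, bcrypt-base64 encoded (22 chars)
    digest: m[4],       // 23-byte output, bcrypt-base64 encoded (31 chars)
  };
}

// Policy check for seeded/test rows: reject anything that is not a bcrypt
// hash (e.g. plaintext written by mistake) or that uses a cost below minCost.
function checkStoredPassword(stored, minCost = 10) {
  const parsed = parseBcryptHash(stored);
  if (!parsed) {
    return { ok: false, reason: 'not a bcrypt hash (plaintext stored?)' };
  }
  if (parsed.cost < minCost) {
    return { ok: false, reason: `cost ${parsed.cost} below minimum ${minCost}` };
  }
  return { ok: true, reason: '', ...parsed };
}

// Constructed sample in bcrypt's layout (not a real hash of any password).
const SAMPLE_SALT = 'abcdefghijklmnopqrstuv';             // 22 chars
const SAMPLE_DIGEST = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ01234';  // 31 chars
const SAMPLE_HASH = '$2b$10$' + SAMPLE_SALT + SAMPLE_DIGEST;

console.log(checkStoredPassword(SAMPLE_HASH));            // ok: true, cost: 10
console.log(checkStoredPassword('cody loves you'));        // ok: false (plaintext)
console.log(checkStoredPassword('$2b$04$' + SAMPLE_SALT + SAMPLE_DIGEST)); // ok: false (cost 4)
```

Running it over every `password.hash` row after `npx prisma db seed` is a cheap way to confirm the seed never wrote a plaintext value.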