0

I would like to query my Redis server for a username's matching password. How can I do this? I have very little experience with both Redis and Node so I wasn't able to find the key that stores such.

Any help is well appreciated!

Jire
  • 9,680
  • 14
  • 52
  • 87

1 Answers1

1

Look in file /src/routes/authentication.js. There you have Auth.login function which get username, password as parameters. Then you have getUidByUserslug function on user object which is call at first and returns you userID (_uid) from redis hash called 'userslug:uid' (look in /src/user.js file db.getObjectField('userslug:uid', userslug, callback); function). Next step is getting user by user ID from 'user:' + uid hash, stored in redis. This is done using db.getObjectFields('user:' + uid, ['password', 'banned'], next); function in authenticate.js file.

The following is Auth.login function: 

Auth.login = function(req, username, password, next) {
    if (!username || !password) {
        return next(new Error('[[error:invalid-password]]'));
    }

    var userslug = utils.slugify(username);
    var uid;

    async.waterfall([
        function(next) {
            user.getUidByUserslug(userslug, next);
        },
        function(_uid, next) {
            if (!_uid) {
                return next(new Error('[[error:no-user]]'));
            }
            uid = _uid;
            user.auth.logAttempt(uid, req.ip, next);
        },
        function(next) {
            db.getObjectFields('user:' + uid, ['password', 'banned'], next);
        },
        function(userData, next) {
            if (!userData || !userData.password) {
                return next(new Error('[[error:invalid-user-data]]'));
            }
            if (userData.banned && parseInt(userData.banned, 10) === 1) {
                return next(new Error('[[error:user-banned]]'));
            }
            Password.compare(password, userData.password, next);
        },
        function(passwordMatch, next) {
            if (!passwordMatch) {
                return next(new Error('[[error:invalid-password]]'));
            }
            user.auth.clearLoginAttempts(uid);
            next(null, {uid: uid}, '[[success:authentication-successful]]');
        }
    ], next);
};
Edgar
  • 1,143
  • 10
  • 12
  • Thanks so much, I'm actually doing this in Java and was able to find a way to sorta do this. I am using jedis but anyway there is a password field of the redis hash "user:" with the UID afterwards. Do you know how I could generate the same hash as stored in this field from Java? I don't know much about cryptography but I'm just wondering if there are any extra steps I need to use this (certain configuration for it): http://www.mindrot.org/projects/jBCrypt/ – Jire Mar 30 '15 at 07:58
  • 1
    jBCrypt is similar to the library bcryptjs which used in NodeBB. So you can use it for generating password hashes. – Edgar Mar 30 '15 at 08:19