From 5d1a4418bd58bcc12807973782d4450951e6e71e Mon Sep 17 00:00:00 2001
From: kirrg001 <katharina.irrgang@googlemail.com>
Date: Thu, 15 Feb 2018 21:13:04 +0100
Subject: [PATCH] Added lib.security.password lib

no issue

- move password hashing and password comparison to lib/security/password
- added two unit test
- FYI: password hashing takes ~100ms
  - we could probably mock password hashing in certain cases when unit testing
---
 ghost/security/lib/index.js    |  4 ++++
 ghost/security/lib/password.js | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 ghost/security/lib/password.js

diff --git a/ghost/security/lib/index.js b/ghost/security/lib/index.js
index 25d5e9f492..d5818653cb 100644
--- a/ghost/security/lib/index.js
+++ b/ghost/security/lib/index.js
@@ -15,5 +15,9 @@ module.exports = {
 
     get identifier() {
         return require('./identifier');
+    },
+
+    get password() {
+        return require('./password');
     }
 };
diff --git a/ghost/security/lib/password.js b/ghost/security/lib/password.js
new file mode 100644
index 0000000000..1de7c0db1f
--- /dev/null
+++ b/ghost/security/lib/password.js
@@ -0,0 +1,18 @@
+'use strict';
+
+module.exports.hash = function hash(plainPassword) {
+    const bcrypt = require('bcryptjs'),
+        bcryptGenSalt = Promise.promisify(bcrypt.genSalt),
+        bcryptHash = Promise.promisify(bcrypt.hash);
+
+    return bcryptGenSalt().then(function (salt) {
+        return bcryptHash(plainPassword, salt);
+    });
+};
+
+module.exports.compare = function compare(plainPassword, hashedPassword) {
+    const bcrypt = require('bcryptjs'),
+        bcryptCompare = Promise.promisify(bcrypt.compare);
+
+    return bcryptCompare(plainPassword, hashedPassword);
+};