1
00:00:01,120 --> 00:00:02,370
‫So in this lecture,

2
00:00:02,370 --> 00:00:06,430
‫we're gonna manage our users passwords in the database.

3
00:00:06,430 --> 00:00:08,790
‫And by that I mean to first validate

4
00:00:08,790 --> 00:00:12,660
‫if the inputted password is equal to the confirmed password

5
00:00:12,660 --> 00:00:16,380
‫and then also to encrypt the password in the database

6
00:00:16,380 --> 00:00:18,633
‫in order to secure it against attacks.

7
00:00:20,320 --> 00:00:22,330
‫And so the first thing that we're gonna do

8
00:00:22,330 --> 00:00:26,690
‫is to validate if the two inputted passwords are the same.

9
00:00:26,690 --> 00:00:28,840
‫And the best place to do that is here

10
00:00:28,840 --> 00:00:31,760
‫in the confirm password, okay?

11
00:00:31,760 --> 00:00:36,283
‫And so let's write our custom validator for that, all right?

12
00:00:38,480 --> 00:00:41,890
‫So remember, we use the validate property

13
00:00:41,890 --> 00:00:44,270
‫and then since we want to create a function

14
00:00:44,270 --> 00:00:48,420
‫and also an error message, let's open a new object here

15
00:00:49,480 --> 00:00:51,990
‫and then in there create validator,

16
00:00:51,990 --> 00:00:53,920
‫which is gonna be the function

17
00:00:53,920 --> 00:00:56,370
‫and let's actually start with this one.

18
00:00:56,370 --> 00:00:58,780
‫So, remember, all we need here is to specify

19
00:00:58,780 --> 00:01:01,770
‫a simple callback function which is then gonna be called

20
00:01:01,770 --> 00:01:03,853
‫when the new document is created.

21
00:01:04,940 --> 00:01:06,163
‫So, function,

22
00:01:07,210 --> 00:01:10,320
‫and here again, we cannot use an arrow function

23
00:01:10,320 --> 00:01:13,183
‫because we actually need to use the disk keyword.

24
00:01:14,690 --> 00:01:15,523
‫Okay?

25
00:01:16,560 --> 00:01:19,180
‫So, remember that from the validator function

26
00:01:19,180 --> 00:01:21,470
‫we return either true or false

27
00:01:21,470 --> 00:01:23,960
‫and if the return value is false,

28
00:01:23,960 --> 00:01:27,550
‫then it means that we're gonna get a validation error, okay?

29
00:01:27,550 --> 00:01:29,630
‫And, of course, if it's true, then not.

30
00:01:29,630 --> 00:01:33,820
‫And so what we want here is to say that the current element

31
00:01:33,820 --> 00:01:40,760
‫so, password confirm, is equal to this dot password,

32
00:01:40,760 --> 00:01:42,350
‫and that's actually it!

33
00:01:42,350 --> 00:01:46,510
‫So, for example, if password confirm is A-B-C,

34
00:01:46,510 --> 00:01:49,520
‫and password is also A-B-C,

35
00:01:49,520 --> 00:01:52,530
‫then this will of course return true, all right?

36
00:01:52,530 --> 00:01:54,330
‫And so then the validation is passed

37
00:01:54,330 --> 00:01:56,550
‫and no error will occur.

38
00:01:56,550 --> 00:02:00,440
‫But, if the initial password is, let's say, X-Y-Z,

39
00:02:00,440 --> 00:02:02,860
‫well then of course this is gonna return false

40
00:02:02,860 --> 00:02:05,820
‫and we're gonna have a validation error, okay?

41
00:02:05,820 --> 00:02:08,660
‫So, very simple, but we need to keep in mind

42
00:02:08,660 --> 00:02:12,320
‫that this is only gonna work on save, okay?

43
00:02:12,320 --> 00:02:13,950
‫So I talked about that before

44
00:02:13,950 --> 00:02:17,840
‫when we used the custom validator on the tour model, right?

45
00:02:17,840 --> 00:02:19,740
‫But I'm reminding you of that here again

46
00:02:19,740 --> 00:02:24,120
‫because this is absolutely crucial here in this point, okay?

47
00:02:24,120 --> 00:02:26,423
‫So let me actually write it down here for you.

48
00:02:27,739 --> 00:02:29,010
‫(keyboard clicking)

49
00:02:29,010 --> 00:02:30,410
‫On

50
00:02:30,410 --> 00:02:32,050
‫save.

51
00:02:32,050 --> 00:02:32,883
‫Okay?

52
00:02:32,883 --> 00:02:35,740
‫And for this reason, whenever we want to update a user,

53
00:02:35,740 --> 00:02:38,250
‫we will always have to use save as well

54
00:02:38,250 --> 00:02:41,010
‫and not, for example, find one and update

55
00:02:41,010 --> 00:02:43,310
‫like we did with our tours, okay?

56
00:02:43,310 --> 00:02:45,570
‫So let's keep this in mind when we write

57
00:02:45,570 --> 00:02:48,730
‫the rest of the code throughout the rest of the section

58
00:02:48,730 --> 00:02:51,670
‫and especially for updating, okay?

59
00:02:51,670 --> 00:02:54,400
‫Because let's say that we updated the user's password

60
00:02:54,400 --> 00:02:56,320
‫simply with a regular update.

61
00:02:56,320 --> 00:02:58,910
‫Then in that case, this password confirm validation

62
00:02:58,910 --> 00:03:01,540
‫that we have here would no longer work, okay?

63
00:03:01,540 --> 00:03:04,670
‫And of course that cannot happen, okay?

64
00:03:04,670 --> 00:03:08,410
‫And so, again, keep in mind that this will only work

65
00:03:08,410 --> 00:03:12,920
‫when we create a new object, so on dot create, or on save.

66
00:03:12,920 --> 00:03:13,753
‫Okay?

67
00:03:13,753 --> 00:03:18,550
‫So, on create and save,

68
00:03:18,550 --> 00:03:19,383
‫All right?

69
00:03:19,383 --> 00:03:22,830
‫So we create new object using create, right?

70
00:03:22,830 --> 00:03:27,100
‫So, right here, used a dot create

71
00:03:27,100 --> 00:03:28,463
‫but remember how I also showed you

72
00:03:28,463 --> 00:03:31,143
‫that we can use a user dot save,

73
00:03:33,100 --> 00:03:35,160
‫like this, right?

74
00:03:35,160 --> 00:03:38,470
‫And in fact, we can also use a user dot save

75
00:03:38,470 --> 00:03:41,550
‫in order to update the user, all right?

76
00:03:41,550 --> 00:03:43,593
‫But again, more about it a bit later.

77
00:03:44,820 --> 00:03:45,810
‫Okay?

78
00:03:45,810 --> 00:03:50,063
‫So let's now actually try out this validation here, okay?

79
00:03:51,230 --> 00:03:53,280
‫So first of all, let's actually

80
00:03:53,280 --> 00:03:55,210
‫just try to create a new user

81
00:03:55,210 --> 00:03:57,660
‫with this data here which should not work

82
00:03:57,660 --> 00:04:01,020
‫because we already have a user with this email address

83
00:04:01,020 --> 00:04:03,290
‫and we said that this one should be unique

84
00:04:03,290 --> 00:04:04,590
‫and so it should not work.

85
00:04:06,330 --> 00:04:12,210
‫Okay, and so of course our duplicate key error, right?

86
00:04:12,210 --> 00:04:14,170
‫Now if you were in production, then of course

87
00:04:14,170 --> 00:04:17,040
‫we already would get our nicely formatted error

88
00:04:17,040 --> 00:04:19,620
‫that we created in the last section, right?

89
00:04:19,620 --> 00:04:23,730
‫But right now we are in development and so that's the error

90
00:04:23,730 --> 00:04:25,383
‫that we defined we want to see.

91
00:04:26,510 --> 00:04:27,343
‫Okay?

92
00:04:28,440 --> 00:04:30,890
‫So let's simply use another email here

93
00:04:30,890 --> 00:04:33,060
‫and since we're working on the email here,

94
00:04:33,060 --> 00:04:36,593
‫let's also see how the email address validation works.

95
00:04:37,650 --> 00:04:40,833
‫So let's say that we specified this as our email.

96
00:04:42,190 --> 00:04:46,830
‫And so, we see the error, "please provide a valid email."

97
00:04:46,830 --> 00:04:47,663
‫Okay?

98
00:04:48,660 --> 00:04:51,320
‫So let's test it just like this because I think that this

99
00:04:51,320 --> 00:04:53,120
‫should also not be valid.

100
00:04:53,120 --> 00:04:55,043
‫Maybe it is, but let's see.

101
00:04:56,170 --> 00:04:57,840
‫And yeah, actually it's not because

102
00:04:57,840 --> 00:05:01,050
‫there are no domain names with only one letter, okay?

103
00:05:01,050 --> 00:05:03,990
‫And so this validator is pretty specific

104
00:05:03,990 --> 00:05:05,890
‫so it's really good.

105
00:05:05,890 --> 00:05:09,080
‫Now if we do it like this, then of course it should work.

106
00:05:09,080 --> 00:05:11,000
‫But anyway, what we wanted to test here

107
00:05:11,000 --> 00:05:13,860
‫is these different passwords, okay?

108
00:05:13,860 --> 00:05:15,460
‫And I remember now that we actually

109
00:05:15,460 --> 00:05:18,493
‫didn't create an error message, I believe.

110
00:05:19,430 --> 00:05:21,070
‫And yeah, we didn't.

111
00:05:21,070 --> 00:05:22,993
‫And so, let's add that here as well.

112
00:05:25,120 --> 00:05:26,113
‫So message,

113
00:05:28,510 --> 00:05:29,510
‫are not

114
00:05:30,930 --> 00:05:31,803
‫the same.

115
00:05:32,900 --> 00:05:33,733
‫Okay.

116
00:05:35,580 --> 00:05:38,390
‫So let's add something here, doesn't matter.

117
00:05:38,390 --> 00:05:42,613
‫And so now, passwords are not the same, okay?

118
00:05:43,460 --> 00:05:45,233
‫So perfect.

119
00:05:45,233 --> 00:05:48,333
‫And now of course our validation should be passed.

120
00:05:49,640 --> 00:05:53,690
‫And indeed, it is and we created our new user.

121
00:05:53,690 --> 00:05:55,900
‫Let's head over to Compass here,

122
00:05:55,900 --> 00:05:58,640
‫take a look, and then actually delete it

123
00:05:58,640 --> 00:06:02,953
‫so that I can later create more users with the same email.

124
00:06:04,330 --> 00:06:05,163
‫All right?

125
00:06:05,163 --> 00:06:07,310
‫And we don't want all this junk here anyway

126
00:06:07,310 --> 00:06:09,990
‫so all these test users, okay?

127
00:06:09,990 --> 00:06:13,330
‫But now, the next step is to actually encrypt

128
00:06:13,330 --> 00:06:15,560
‫these plain passwords that we are storing

129
00:06:15,560 --> 00:06:17,570
‫in our database right now.

130
00:06:17,570 --> 00:06:19,940
‫So, as I mentioned in the last video,

131
00:06:19,940 --> 00:06:21,950
‫when we are working with authentication,

132
00:06:21,950 --> 00:06:24,220
‫one of the most fundamental principles

133
00:06:24,220 --> 00:06:29,090
‫is to never ever store plain passwords in a database, okay?

134
00:06:29,090 --> 00:06:33,170
‫So that is something that's absolutely not acceptable, okay?

135
00:06:33,170 --> 00:06:36,650
‫So we should really always encrypt user's passwords

136
00:06:36,650 --> 00:06:38,510
‫because imagine that for some reason,

137
00:06:38,510 --> 00:06:41,250
‫a hacker gets access to the database.

138
00:06:41,250 --> 00:06:44,880
‫If then the passwords are stored in plain text in there,

139
00:06:44,880 --> 00:06:47,550
‫then he can simply login as any user

140
00:06:47,550 --> 00:06:49,720
‫and then do whatever he really wants

141
00:06:49,720 --> 00:06:52,730
‫and cause a lot of damage in some cases, okay?

142
00:06:52,730 --> 00:06:55,770
‫And so we need to absolutely prevent that.

143
00:06:55,770 --> 00:06:58,563
‫And so let's now go ahead and implement this.

144
00:06:59,870 --> 00:07:03,610
‫Now, where is the best place to actually do that?

145
00:07:03,610 --> 00:07:07,270
‫Well, I would argue that the model is always the best place

146
00:07:07,270 --> 00:07:10,160
‫to do this kind of functionality.

147
00:07:10,160 --> 00:07:12,110
‫So in this case, the encryption

148
00:07:12,110 --> 00:07:14,960
‫because it really has to do with the data itself

149
00:07:14,960 --> 00:07:16,730
‫and so it should be on the model

150
00:07:16,730 --> 00:07:19,070
‫and not in the controller, okay?

151
00:07:19,070 --> 00:07:22,022
‫So again, keep the fat models, thin controllers

152
00:07:22,022 --> 00:07:24,040
‫philosophy in mind here.

153
00:07:24,040 --> 00:07:24,873
‫All right?

154
00:07:27,260 --> 00:07:31,170
‫So how are we gonna now implement this encryption?

155
00:07:31,170 --> 00:07:33,660
‫Well, this is another perfect use case

156
00:07:33,660 --> 00:07:36,050
‫for using Mongoose middleware.

157
00:07:36,050 --> 00:07:37,430
‫And the one that we're gonna use

158
00:07:37,430 --> 00:07:39,210
‫is a pre-save middleware.

159
00:07:39,210 --> 00:07:42,630
‫So basically document middleware, okay?

160
00:07:42,630 --> 00:07:47,630
‫So, remember that we defined that on the schema, okay?

161
00:07:47,760 --> 00:07:50,130
‫And in this case, we want to set a pre-hook,

162
00:07:50,130 --> 00:07:54,490
‫so a pre-middleware on save, all right?

163
00:07:54,490 --> 00:07:56,750
‫And the reason why we're doing it like this

164
00:07:56,750 --> 00:07:58,320
‫is that the middleware function

165
00:07:58,320 --> 00:08:01,240
‫that we're gonna specify here, so the encryption,

166
00:08:01,240 --> 00:08:03,660
‫is then gonna be happened between the moment

167
00:08:03,660 --> 00:08:05,990
‫that we receive that data and the moment

168
00:08:05,990 --> 00:08:09,340
‫where it's actually persisted to the database, okay?

169
00:08:09,340 --> 00:08:12,200
‫So that's where the pre-save middleware runs.

170
00:08:12,200 --> 00:08:15,600
‫Between getting the data and saving it to the database.

171
00:08:15,600 --> 00:08:19,210
‫And so that's the perfect time to manipulate the data.

172
00:08:19,210 --> 00:08:20,420
‫All right?

173
00:08:20,420 --> 00:08:21,253
‫So,

174
00:08:22,480 --> 00:08:26,010
‫a function, and then remember we have access

175
00:08:26,010 --> 00:08:29,740
‫to the next function in order to call the next middleware.

176
00:08:29,740 --> 00:08:33,220
‫Okay, now we actually only want to encrypt the password

177
00:08:33,220 --> 00:08:37,400
‫if the password field has actually been updated, okay?

178
00:08:37,400 --> 00:08:40,900
‫So basically only when really the password is changed

179
00:08:40,900 --> 00:08:43,370
‫or also when it's created new, all right?

180
00:08:43,370 --> 00:08:46,890
‫Because imagine the user is only updating the email.

181
00:08:46,890 --> 00:08:48,340
‫Then in that case, of course,

182
00:08:48,340 --> 00:08:51,760
‫we do not want to encrypt the password again, right?

183
00:08:51,760 --> 00:08:54,420
‫And so we can do that with Mongoose.

184
00:08:54,420 --> 00:08:58,130
‫And so we're gonna say, if and then this,

185
00:08:58,130 --> 00:09:00,840
‫which refers to the current document, right?

186
00:09:00,840 --> 00:09:03,070
‫And so in this case, to the current user

187
00:09:03,070 --> 00:09:04,583
‫and then is modified.

188
00:09:06,690 --> 00:09:07,523
‫Okay?

189
00:09:07,523 --> 00:09:10,670
‫So we have a method on all documents which we can use

190
00:09:10,670 --> 00:09:13,260
‫if a certain field has been modified.

191
00:09:13,260 --> 00:09:16,270
‫And so here, we need to pass in the name of the field,

192
00:09:16,270 --> 00:09:17,940
‫so "password."

193
00:09:17,940 --> 00:09:18,773
‫Okay?

194
00:09:18,773 --> 00:09:21,080
‫And so basically, what we want to do here

195
00:09:21,080 --> 00:09:24,440
‫is to say that if the password has not been modified,

196
00:09:24,440 --> 00:09:27,540
‫so not, then in that case, let's simply

197
00:09:27,540 --> 00:09:30,520
‫return from this function and not run

198
00:09:30,520 --> 00:09:32,320
‫any of the other code that's in here

199
00:09:33,160 --> 00:09:34,863
‫and then call the next middleware.

200
00:09:35,834 --> 00:09:36,667
‫Okay?

201
00:09:37,930 --> 00:09:41,170
‫So again, if the password has not been modified,

202
00:09:41,170 --> 00:09:42,810
‫then let's just exit this function

203
00:09:42,810 --> 00:09:44,600
‫and call the next middleware.

204
00:09:44,600 --> 00:09:46,770
‫Otherwise we will then run the code

205
00:09:46,770 --> 00:09:48,580
‫that I'm gonna put in here.

206
00:09:48,580 --> 00:09:51,270
‫And so now it's finally time to actually encrypt,

207
00:09:51,270 --> 00:09:55,200
‫or as we can also say, to hash the password, okay?

208
00:09:55,200 --> 00:09:58,490
‫So you will see the term "hash" or "hashing" all the time

209
00:09:58,490 --> 00:10:01,890
‫and so that basically means encryption as well, okay?

210
00:10:01,890 --> 00:10:05,440
‫Now we are gonna do this encryption, or hashing,

211
00:10:05,440 --> 00:10:08,580
‫using a very well-known and well-studied

212
00:10:08,580 --> 00:10:13,230
‫and very popular hashing algorithm called bcrypt.

213
00:10:13,230 --> 00:10:14,290
‫Okay?

214
00:10:14,290 --> 00:10:18,200
‫So this algorithm will first salt then hash our password

215
00:10:18,200 --> 00:10:21,130
‫in order to make it really strong to protect it

216
00:10:21,130 --> 00:10:23,760
‫against bruteforce attacks, all right?

217
00:10:23,760 --> 00:10:25,280
‫And so that's the whole reason

218
00:10:25,280 --> 00:10:27,600
‫why encryption needs to be really strong.

219
00:10:27,600 --> 00:10:30,360
‫Because bruteforce attacks could try to guess

220
00:10:30,360 --> 00:10:34,040
‫a certain passwords if it's not really strong encrypted.

221
00:10:34,040 --> 00:10:37,990
‫And remember how I said that bcrypt will salt our password

222
00:10:37,990 --> 00:10:40,950
‫and that just means that it's gonna add a random string

223
00:10:40,950 --> 00:10:44,500
‫to the password so that two equal passwords

224
00:10:44,500 --> 00:10:47,430
‫do not generate the same hash, okay?

225
00:10:47,430 --> 00:10:48,490
‫Make sense?

226
00:10:48,490 --> 00:10:51,520
‫Now I'm not gonna go into all the cryptographic details

227
00:10:51,520 --> 00:10:53,940
‫on how this really works behind the scenes

228
00:10:53,940 --> 00:10:56,850
‫and why we need such a complex system, okay?

229
00:10:56,850 --> 00:11:00,140
‫But of course you can read all you want about bcrypt online.

230
00:11:00,140 --> 00:11:02,830
‫There's really a ton of interesting stuff

231
00:11:02,830 --> 00:11:05,290
‫to discover there, all right?

232
00:11:05,290 --> 00:11:09,270
‫Anyway, let's now go ahead and use the bcrypt js package

233
00:11:09,270 --> 00:11:12,133
‫in order to use this algorithm.

234
00:11:13,790 --> 00:11:14,623
‫So,

235
00:11:15,560 --> 00:11:17,660
‫so npm install

236
00:11:19,156 --> 00:11:21,655
‫bcryptjs.

237
00:11:21,655 --> 00:11:22,488
‫Okay?

238
00:11:22,488 --> 00:11:25,410
‫And so this basically is a bcrypt implementation

239
00:11:25,410 --> 00:11:26,713
‫for Javascript.

240
00:11:27,650 --> 00:11:28,750
‫Okay?

241
00:11:28,750 --> 00:11:30,720
‫Let's go back to our main terminal

242
00:11:32,550 --> 00:11:34,513
‫and then go ahead and import it here.

243
00:11:36,092 --> 00:11:40,820
‫And this one is by default only called bcrypt, okay?

244
00:11:40,820 --> 00:11:41,873
‫And not bcryptjs.

245
00:11:42,889 --> 00:11:45,889
‫(keyboard clicking)

246
00:11:49,330 --> 00:11:50,163
‫All right.

247
00:11:53,360 --> 00:11:54,193
‫All right.

248
00:11:54,193 --> 00:11:56,033
‫And now, let's actually use it.

249
00:11:56,970 --> 00:12:00,293
‫So, we want to say that this dot password,

250
00:12:01,370 --> 00:12:03,510
‫so the current password in this document

251
00:12:04,590 --> 00:12:10,214
‫should be equal to bcrypt dot hash

252
00:12:11,600 --> 00:12:13,100
‫and then our current password.

253
00:12:14,640 --> 00:12:15,473
‫Okay?

254
00:12:15,473 --> 00:12:19,600
‫And then in here we need to specify a cost parameter, okay?

255
00:12:19,600 --> 00:12:22,100
‫And we could actually do this in two ways.

256
00:12:22,100 --> 00:12:25,700
‫So the first way will to be manually generating the salt,

257
00:12:25,700 --> 00:12:27,740
‫so that random string basically,

258
00:12:27,740 --> 00:12:29,727
‫that is gonna be added to our password

259
00:12:29,727 --> 00:12:33,770
‫and then use that salt here in this hash function.

260
00:12:33,770 --> 00:12:34,603
‫All right?

261
00:12:34,603 --> 00:12:36,480
‫But instead, to make it a bit easier,

262
00:12:36,480 --> 00:12:39,260
‫we can also simply pass a cost parameter

263
00:12:39,260 --> 00:12:40,620
‫into this function here.

264
00:12:40,620 --> 00:12:42,920
‫And so that is basically a measure

265
00:12:42,920 --> 00:12:47,360
‫of how CPU intensive this operation will be, all right?

266
00:12:47,360 --> 00:12:50,230
‫And the default value here I believe is 10,

267
00:12:50,230 --> 00:12:53,130
‫but right now it's a bit better actually to use 12

268
00:12:53,130 --> 00:12:55,810
‫because computers have become more and more powerful.

269
00:12:55,810 --> 00:12:58,800
‫So like 20 years ago, you could have used eight here

270
00:12:58,800 --> 00:13:01,170
‫and then a bit later than 10,

271
00:13:01,170 --> 00:13:04,670
‫but right now at this point in time, it's best to use 12.

272
00:13:04,670 --> 00:13:06,610
‫And so the higher this cost here,

273
00:13:06,610 --> 00:13:09,610
‫basically the more CPU intensive the process will be

274
00:13:09,610 --> 00:13:13,350
‫and the better the password will be encrypted, okay?

275
00:13:13,350 --> 00:13:15,070
‫And of course we could go even higher,

276
00:13:15,070 --> 00:13:17,750
‫but then it would take way too long, all right?

277
00:13:17,750 --> 00:13:20,330
‫And I will show that to you in a second.

278
00:13:20,330 --> 00:13:21,163
‫Okay?

279
00:13:21,163 --> 00:13:22,910
‫But for now, let's actually finish this

280
00:13:22,910 --> 00:13:26,060
‫because there is one thing left here.

281
00:13:26,060 --> 00:13:29,040
‫So this hash here is actually the asynchronous version,

282
00:13:29,040 --> 00:13:31,440
‫but there also is a synchronous version.

283
00:13:31,440 --> 00:13:33,960
‫But as you already know, we do not want to use

284
00:13:33,960 --> 00:13:35,313
‫the synchronous version because

285
00:13:35,313 --> 00:13:38,810
‫that will block the event loop and then prevent other users

286
00:13:38,810 --> 00:13:41,000
‫from using the application.

287
00:13:41,000 --> 00:13:43,350
‫So just like we learned in the beginning.

288
00:13:43,350 --> 00:13:45,230
‫And so of course we want to use

289
00:13:45,230 --> 00:13:48,130
‫the asynchronous version which is this one.

290
00:13:48,130 --> 00:13:50,210
‫And this will then return a promise

291
00:13:50,210 --> 00:13:53,860
‫and that promise, of course, we need to await.

292
00:13:53,860 --> 00:13:58,860
‫And so, we need to use await and then say that this function

293
00:13:58,960 --> 00:14:02,513
‫is an async function, just like this.

294
00:14:04,730 --> 00:14:06,860
‫So, let's recap that here.

295
00:14:06,860 --> 00:14:09,780
‫So, we want to set our current password

296
00:14:09,780 --> 00:14:14,780
‫basically to encrypt this version of the original password

297
00:14:14,780 --> 00:14:17,500
‫with a cost of 12, not to make it too easy

298
00:14:17,500 --> 00:14:21,690
‫to break the password, but also not to make the application

299
00:14:21,690 --> 00:14:25,423
‫take too long for encrypting the password, all right?

300
00:14:25,423 --> 00:14:27,920
‫So with this, we encrypted our password

301
00:14:27,920 --> 00:14:30,070
‫and now in the end, what we need to do

302
00:14:30,070 --> 00:14:33,840
‫is to basically delete the confirm password, all right?

303
00:14:33,840 --> 00:14:35,670
‫Because at this point in time,

304
00:14:35,670 --> 00:14:38,663
‫we only have the real password hashed, right?

305
00:14:40,560 --> 00:14:43,643
‫So, this dot password confirm,

306
00:14:43,643 --> 00:14:45,980
‫and how we basically delete the field,

307
00:14:45,980 --> 00:14:48,740
‫so not to be persisted in the database

308
00:14:48,740 --> 00:14:51,440
‫is to set it to undefined.

309
00:14:51,440 --> 00:14:52,400
‫All right?

310
00:14:52,400 --> 00:14:55,970
‫So, we really only need this password confirm here

311
00:14:55,970 --> 00:14:58,950
‫for the validation that we implemented before.

312
00:14:58,950 --> 00:15:00,730
‫So just to make sure that the user

313
00:15:00,730 --> 00:15:03,160
‫actually inputted two equal passwords

314
00:15:03,160 --> 00:15:06,660
‫so that he doesn't make any mistakes with his password.

315
00:15:06,660 --> 00:15:07,590
‫Right?

316
00:15:07,590 --> 00:15:10,300
‫And so after this validation was successful,

317
00:15:10,300 --> 00:15:13,060
‫we actually no longer need this field

318
00:15:13,060 --> 00:15:16,710
‫so we really do not want to persist it to the database.

319
00:15:16,710 --> 00:15:20,130
‫And so that's why we simply set it here to undefined.

320
00:15:20,130 --> 00:15:21,150
‫All right?

321
00:15:21,150 --> 00:15:23,220
‫Now you might wonder why this works

322
00:15:23,220 --> 00:15:25,920
‫because we actually set password confirm

323
00:15:25,920 --> 00:15:27,800
‫to a required, right?

324
00:15:27,800 --> 00:15:30,750
‫But that simply means that it's a required input,

325
00:15:30,750 --> 00:15:33,650
‫not that it's required to actually be persisted

326
00:15:33,650 --> 00:15:36,982
‫to the database, okay?

327
00:15:38,393 --> 00:15:42,390
‫Now, just to finish, we of course need to also call next.

328
00:15:42,390 --> 00:15:43,240
‫Okay?

329
00:15:43,240 --> 00:15:44,290
‫Let's give it a save.

330
00:15:45,640 --> 00:15:47,440
‫And actually I'm gonna add some comments here

331
00:15:47,440 --> 00:15:49,370
‫to make it really clear for you.

332
00:15:49,370 --> 00:15:52,400
‫So basically what this does, is to only run

333
00:15:54,180 --> 00:15:55,050
‫this function

334
00:15:56,160 --> 00:15:57,190
‫if password

335
00:15:58,930 --> 00:16:00,533
‫was actually modified.

336
00:16:05,070 --> 00:16:05,903
‫Then here,

337
00:16:08,840 --> 00:16:11,803
‫hash the password with cost of 12.

338
00:16:14,785 --> 00:16:16,300
‫And then,

339
00:16:16,300 --> 00:16:19,443
‫delete the password confirm field.

340
00:16:20,750 --> 00:16:21,583
‫Okay.

341
00:16:21,583 --> 00:16:24,453
‫And now, let's go ahead and test this.

342
00:16:25,660 --> 00:16:29,590
‫And I will now create a new user with exactly this data

343
00:16:29,590 --> 00:16:32,470
‫and let's now take a look at the result.

344
00:16:32,470 --> 00:16:36,460
‫And indeed, we now get this very weird looking password

345
00:16:36,460 --> 00:16:40,163
‫which indeed is the encrypted version of pass1234.

346
00:16:41,410 --> 00:16:45,580
‫And also, as you see, password confirm is no longer here.

347
00:16:45,580 --> 00:16:46,413
‫Okay?

348
00:16:46,413 --> 00:16:48,930
‫And so just like this, we now stored users

349
00:16:48,930 --> 00:16:51,353
‫in a secure way in our database.

350
00:16:52,280 --> 00:16:55,310
‫Let me now just show you how it will work

351
00:16:55,310 --> 00:16:58,233
‫if we, for example, set it to 16 here.

352
00:17:00,740 --> 00:17:02,540
‫And I need to change the email here.

353
00:17:03,540 --> 00:17:07,120
‫And so that should now take a lot of time

354
00:17:07,120 --> 00:17:09,180
‫and I'm not sure if I can even wait.

355
00:17:09,180 --> 00:17:12,490
‫Oh, actually it took like four and a half seconds.

356
00:17:12,490 --> 00:17:17,320
‫But that's still a bit too much I believe, okay?

357
00:17:17,320 --> 00:17:18,980
‫So,

358
00:17:18,980 --> 00:17:20,330
‫let's set it back to 12

359
00:17:21,410 --> 00:17:24,507
‫and so that should be better, okay?

360
00:17:24,507 --> 00:17:26,670
‫And now let's just, again, delete

361
00:17:26,670 --> 00:17:29,630
‫these users here that we just created.

362
00:17:29,630 --> 00:17:32,110
‫And actually I need to get rid of this first one

363
00:17:32,110 --> 00:17:36,000
‫because this one still has the password in plain text.

364
00:17:36,000 --> 00:17:38,090
‫And so this user is not gonna work

365
00:17:38,090 --> 00:17:40,370
‫when we start to actually login users

366
00:17:40,370 --> 00:17:42,621
‫based on their password.

367
00:17:42,621 --> 00:17:44,250
‫Okay?

368
00:17:44,250 --> 00:17:45,743
‫So let's get rid of this.

369
00:17:52,780 --> 00:17:54,060
‫Okay?

370
00:17:54,060 --> 00:17:56,170
‫And also what I wanted to show you here

371
00:17:57,510 --> 00:17:59,880
‫is that we put in the exact same password

372
00:17:59,880 --> 00:18:02,390
‫for these two users that we created, right?

373
00:18:02,390 --> 00:18:04,520
‫But you see that the encrypted password

374
00:18:04,520 --> 00:18:07,630
‫is actually very different, right?

375
00:18:07,630 --> 00:18:09,820
‫And so that's the power of salting the password

376
00:18:09,820 --> 00:18:11,043
‫before hashing it.

377
00:18:12,220 --> 00:18:13,060
‫All right?

378
00:18:13,060 --> 00:18:17,250
‫So just like this, we, again, implemented a very secure

379
00:18:17,250 --> 00:18:19,313
‫and good password management.