Hashing passwords in Node.js the same way as in Drupal 7

331 views Asked by At

I'm trying to migrate users from Drupal 7 to another project on node.js.

And I need to keep existing passwords for all of them. That means I need to hash passwords the same way is Drupal does.

Drupal use SHA512 by default with a salt. They run the hash through PHP's hash function numerous times to increase the computation cost of generating a password's final hash (a security technique called stretching).

The problem is, user_hash_password() which does hashing, seems to be quite custom. I don't really want to revers engineer it and reinvent the wheel.

The question is, are there any libraries on node.js that can do that?

1

There are 1 answers

0
mrded On BEST ANSWER

It can be done with drupal-hash module.

Check existing password

var drupalHash = require('drupal-hash');

var clearPassword = 'superpassword';
var passwordHash = '$S$DODRFsy.GX2iSkl2zJ4fsrGRt2S0FOWu0JSA3BqAmSayESbcY3w9';
var isValid = drupalHash.checkPassword(clearPassword, passwordHash);
// returns true or false 

Hash new password

var drupalHash = require('drupal-hash');

var newPassword = 'superpassword';
var passwordHash = drupalHash.hashPassword(newPassword);
// returns something like '$S$DODRFsy.GX2iSkl2zJ4fsrGRt2S0FOWu0JSA3BqAmSayESbcY3w9'

Check if an old password needs updated

var drupalHash = require('drupal-hash');

var passwordHash = '$P$DxTIL/YfZCdJtFYNh1Ef9ERbMBkuQ91';
var needsHash = drupalHash.needsNewHash(passwordHash);
// return true or false