1
00:00:00,670 --> 00:00:03,100
Let's wrap up our password class in this video.

2
00:00:03,100 --> 00:00:06,540
We're going to implement this static compare method right here.

3
00:00:06,640 --> 00:00:12,310
So we're going to take some stored password out of our database and some supplied password as well.

4
00:00:12,460 --> 00:00:14,650
And going backward to the diagram we were just looking at.

5
00:00:14,650 --> 00:00:19,180
Remember, we're going to hash the supplied password, get the hashed version.

6
00:00:19,270 --> 00:00:22,960
We'll then compare it to the one stored inside of our database, and if they are equal, that means that the

7
00:00:22,960 --> 00:00:28,440
user must have given us the correct password. Something that's just kind of complicating this a little

8
00:00:28,440 --> 00:00:28,920
bit.

9
00:00:29,040 --> 00:00:34,530
The stored password right here is whatever we are storing tied to our user inside the database.

10
00:00:34,590 --> 00:00:39,600
So it's going to be the output of toHash. As a part of that toHash process,

11
00:00:39,600 --> 00:00:45,200
we are not only generating a hashed password, but we are also concatenating on there at the very end,

12
00:00:45,210 --> 00:00:50,280
separated by that little dot, something called the salt as well. The salt is part of the actual hashing

13
00:00:50,280 --> 00:00:51,260
process.

14
00:00:51,380 --> 00:00:54,590
So stored password right here is not just the hashed password.

15
00:00:54,600 --> 00:00:56,270
It's not just that part.

16
00:00:56,310 --> 00:00:59,060
It is the hashed password plus a period

17
00:00:59,100 --> 00:01:05,930
and the salt at the very end. So we're going to accommodate for that on the very first line by saying

18
00:01:06,620 --> 00:01:15,770
hashed password and salt are coming from stored password, that splits on dot, like so.

19
00:01:15,890 --> 00:01:20,920
So now hashed password is the actual truly hashed password that is stored in our database.

20
00:01:21,140 --> 00:01:26,440
And salt is the salt that we generated during the initial hashing process.

21
00:01:26,460 --> 00:01:31,800
I know this stuff is confusing. Again, I'm really assuming that you've seen how password hashing and salting

22
00:01:31,800 --> 00:01:35,810
and all this stuff works at least once before.

23
00:01:35,840 --> 00:01:41,300
So after that we're going to go ahead and go through the same exact password hashing process on the

24
00:01:41,360 --> 00:01:47,100
supplied password. We are going to write out the same line as up here. Rather than retype it,

25
00:01:47,100 --> 00:01:49,560
I'm just going to copy that and paste it.

26
00:01:49,760 --> 00:01:56,910
I am going to change password right there to the actual argument name of supplied password.

27
00:01:57,050 --> 00:02:04,470
I'm gonna make sure I also mark this function as async, and then finally we now have the original hashed

28
00:02:04,470 --> 00:02:09,890
password plus a buffer containing the newly hashed password, the one the user just supplied.

29
00:02:09,900 --> 00:02:14,820
We're going to take the buffer, turn it into a string, and then compare it against the hashed one. I'm going

30
00:02:14,870 --> 00:02:23,260
to return buff dot to string, converted to a hex, hexadecimal string. I'm going to compare its equality

31
00:02:23,640 --> 00:02:30,510
versus the stored hashed password, like so, and that is it.

32
00:02:30,640 --> 00:02:35,770
So we've got our class password all put together. Now we've got the ability to hash a password and we've

33
00:02:35,770 --> 00:02:38,410
got the ability to compare two as well.

34
00:02:38,450 --> 00:02:41,860
So the last thing we have to do is go back over to our user model.

35
00:02:42,010 --> 00:02:47,440
We're going to import that password manager class we just put together. We're going to wire it up inside

36
00:02:47,500 --> 00:02:52,330
of this user model to make sure that we automatically hash a password whenever we attempt to save a

37
00:02:52,330 --> 00:02:53,440
user to our database.