1
00:00:01,020 --> 00:00:03,690
Now we've got our password manager class all put together.

2
00:00:03,690 --> 00:00:08,520
We're going to make use of it inside of our user model file, so inside of my models directory look

3
00:00:08,520 --> 00:00:10,830
at the user.ts file at the very top.

4
00:00:10,830 --> 00:00:18,960
I'm going to import Password from up one directory, services/password.

5
00:00:19,080 --> 00:00:23,630
Now whenever we try to save a user to our database we're going to implement some code inside of here

6
00:00:23,670 --> 00:00:27,300
that's going to automatically intercept that save attempt.

7
00:00:27,300 --> 00:00:32,790
It's going to take the user's password that we've set on the user document, hash it, and then overwrite

8
00:00:32,790 --> 00:00:39,370
the password on the document. So let's put this together down towards the bottom of the file right after

9
00:00:39,370 --> 00:00:42,140
we build out our user schema.

10
00:00:42,240 --> 00:00:52,750
I'm going to add in a new method right after that. We will say userSchema.pre('save').

11
00:00:52,760 --> 00:00:55,910
So this is a middleware function implemented in Mongoose.

12
00:00:55,940 --> 00:01:00,620
Anytime we attempt to save a document to our database we are going to execute this function right here

13
00:01:01,220 --> 00:01:01,760
immediately.

14
00:01:01,760 --> 00:01:07,010
You will notice that I marked this function as async. Mongoose, very similar to Express, is kind of in

15
00:01:07,010 --> 00:01:12,110
the old way of doing things. Mongoose does not really have great support out of the box for async/await

16
00:01:12,110 --> 00:01:17,660
syntax. Instead, to handle any kind of asynchronous code that we want to run inside this little callback

17
00:01:17,660 --> 00:01:20,650
function we get this done argument.
18
00:01:20,650 --> 00:01:26,180
So we are responsible for calling done once we have done all the work we need to do inside of here, rather

19
00:01:26,180 --> 00:01:27,500
than just saying await

20
00:01:27,500 --> 00:01:31,480
blah blah blah something and then letting Mongoose figure out what's going on.

21
00:01:31,580 --> 00:01:33,590
We have to do our await call,

22
00:01:33,590 --> 00:01:34,700
anything else we want to do,

23
00:01:34,700 --> 00:01:36,650
and then at the very end we have to call done.

24
00:01:39,430 --> 00:01:44,290
You'll also notice I defined this function using the function keyword as opposed to an arrow function

25
00:01:44,740 --> 00:01:45,950
like this right here.

26
00:01:45,970 --> 00:01:51,310
So a quick reminder: whenever we put together a middleware function we get access to the document that

27
00:01:51,310 --> 00:01:52,120
is being saved,

28
00:01:52,120 --> 00:01:59,530
so the actual user that we're trying to persist to the database, as this inside of this function. If we

29
00:01:59,530 --> 00:02:06,590
used an arrow function right here then the value of this inside the function would be overridden and

30
00:02:06,590 --> 00:02:11,870
would actually instead be equal to the context of this entire file as opposed to our user document,

31
00:02:12,380 --> 00:02:13,190
not what we want.
32
00:02:13,280 --> 00:02:19,590
So that's why we are using the function keyword instead of the arrow function. So inside of here we're

33
00:02:19,590 --> 00:02:25,230
gonna do two quick things. We're gonna check and see if the user... or, I mean, we're gonna check and see if we've

34
00:02:25,290 --> 00:02:30,360
modified the user's password. We're gonna say if this.isModified('password').

35
00:02:33,600 --> 00:02:37,860
The reason for this is that we might be retrieving the user out of the database and then trying to save

36
00:02:37,860 --> 00:02:42,720
them back into the database at some future point in time. We don't have any functionality around that

37
00:02:42,720 --> 00:02:43,570
just right now.

38
00:02:43,660 --> 00:02:48,120
Let's imagine that we had some kind of email change functionality that would involve us fetching a

39
00:02:48,120 --> 00:02:53,490
user out of the database, changing the email, and then trying to save it to the database.

40
00:02:53,490 --> 00:02:59,340
So in that scenario we would still be running this middleware right here. If we only changed the email

41
00:02:59,370 --> 00:03:03,930
we would not want to try to rehash the password or anything like that, because that means that we would

42
00:03:03,930 --> 00:03:07,120
be hashing an already hashed password.

43
00:03:07,290 --> 00:03:09,040
Definitely not what we want.

44
00:03:09,060 --> 00:03:15,510
So we are only going to attempt to hash the password if it has been modified. When we first create a

45
00:03:15,510 --> 00:03:17,700
user and assign a password to them,

46
00:03:17,700 --> 00:03:23,820
so in other words when we eventually write out something like User.build and throw in an email and

47
00:03:23,850 --> 00:03:29,250
a password, Mongoose will consider password to be modified.

48
00:03:29,250 --> 00:03:33,870
So even if we are just creating this thing for the very first time, isModified('password') will return

49
00:03:33,870 --> 00:03:35,800
true.
50
00:03:35,820 --> 00:03:36,090
All right.

51
00:03:36,120 --> 00:03:40,470
So inside of here we're going to get the hashed version of the password.

52
00:03:41,110 --> 00:03:47,880
So we'll do await Password.toHash and we will pass in the user's password that they just

53
00:03:47,880 --> 00:03:53,830
set, or that we just set on the user document. We'll say this.get('password').

54
00:03:57,050 --> 00:04:01,740
That's going to get the user's password off the document and we'll pass it into toHash.

55
00:04:01,760 --> 00:04:04,570
And that gives us back the hashed password.

56
00:04:04,580 --> 00:04:06,410
We'll then go ahead and update the password.

57
00:04:06,440 --> 00:04:14,670
So this.set('password', ...) to whatever we just got back out of the password hashing function.

58
00:04:14,840 --> 00:04:19,310
And then finally, after the if statement, we'll call done because we've now done all the asynchronous

59
00:04:19,310 --> 00:04:21,640
work we need to do.

60
00:04:21,770 --> 00:04:22,070
All right.

61
00:04:22,080 --> 00:04:22,750
That looks pretty good.

62
00:04:23,000 --> 00:04:26,020
I'm going to save this.

63
00:04:26,100 --> 00:04:30,680
Let's now go ahead and attempt to test this out by signing up for a new account.

64
00:04:30,720 --> 00:04:36,120
Remember, right now any time we sign up for an account or sign up as a user, our route handler back inside

65
00:04:36,130 --> 00:04:43,160
of signup.ts takes the newly saved user and sends it back to whoever made the request. Right now,

66
00:04:43,190 --> 00:04:47,770
or previously when we were trying to test this thing out, we saw that we sent back the password in plain

67
00:04:47,770 --> 00:04:48,420
text.

68
00:04:48,450 --> 00:04:54,910
So now when we send back this user we should see the password in a hashed format instead.

69
00:04:54,920 --> 00:04:55,130
All right.

70
00:04:55,130 --> 00:04:56,700
So I can go to post.
71
00:04:56,960 --> 00:05:00,260
I'm going to put in another unique email address.

72
00:05:00,260 --> 00:05:03,460
I'm going to send this in and there we go.

73
00:05:03,540 --> 00:05:09,120
So I can now see that the user that gets sent back to me, I've got my email and I've got a hashed password

74
00:05:09,150 --> 00:05:11,570
on there as well.

75
00:05:11,620 --> 00:05:16,520
Now, looks good too. Now we are no longer storing passwords in plain text inside of our database.

76
00:05:16,520 --> 00:05:18,680
That is fantastic.

77
00:05:18,700 --> 00:05:22,160
Now we still have to put together some logic to actually do the password comparison.

78
00:05:22,180 --> 00:05:27,820
We're going to write that out during our actual sign in implementation, so we're just about done with

79
00:05:27,820 --> 00:05:29,200
the sign up stuff.

80
00:05:29,200 --> 00:05:37,370
The last thing we have to do, as you will recall, is make sure, where is it, where is it, where is it, back over

81
00:05:37,370 --> 00:05:42,890
here, after we have saved the user to the database we are now considering this person to be logged in.

82
00:05:42,890 --> 00:05:46,170
So we need to figure out how we're going to actually consider a person to be logged in.

83
00:05:46,220 --> 00:05:47,940
We need to figure out whether we want to use a cookie,

84
00:05:47,960 --> 00:05:50,480
JSON web token, or whatever else.

85
00:05:50,480 --> 00:05:51,830
Let's figure all that stuff out.

86
00:05:51,860 --> 00:05:53,090
Starting in just a moment.