Merge pull request #713 from melihkorkmaz/password-hash-argon2

Converted member password to Argon2 hashing algorithm.

Author: ar2rsawseen

api/parts/mgmt/users.js

@@ -234,9 +234,9 @@ usersApi.createUser = function(params) {
     /**
     * Creates user document with hashed password
     **/
-    function createUser() {
+    async function createUser() {
         var passwordNoHash = newMember.password;
-        newMember.password = common.sha512Hash(newMember.password);
+        newMember.password = await common.argon2Hash(newMember.password);
         newMember.password_changed = 0;
         newMember.created_at = Math.floor(((new Date()).getTime()) / 1000); //TODO: Check if UTC
         newMember.admin_of = newMember.admin_of || [];
@@ -275,7 +275,7 @@ usersApi.createUser = function(params) {
 * @param {params} params - params object
 * @returns {boolean} true if user was updated
 **/
-usersApi.updateUser = function(params) {
+usersApi.updateUser = async function(params) {
     var argProps = {
             'user_id': {
                 'required': true,
@@ -346,7 +346,7 @@ usersApi.updateUser = function(params) {
 
     if (updatedMember.password) {
         passwordNoHash = updatedMember.password;
-        updatedMember.password = common.sha512Hash(updatedMember.password);
+        updatedMember.password = await common.argon2Hash(updatedMember.password);
         if (params.member._id !== params.qstring.args.user_id) {
             updatedMember.password_changed = 0;
         }

api/utils/common.js

@@ -11,7 +11,8 @@ var common = {},
     logger = require('./log.js'),
     mcc_mnc_list = require('mcc-mnc-list'),
     plugins = require('../../plugins/pluginManager.js'),
-    countlyConfig = require('./../config', 'dont-enclose');
+    countlyConfig = require('./../config', 'dont-enclose'),
+    argon2 = require('argon2');
 
 var matchHtmlRegExp = /"|'|&(?!amp;|quot;|#39;|lt;|gt;|#46;|#36;)|<|>/;
 var matchLessHtmlRegExp = /[<>]/;
@@ -458,6 +459,15 @@ common.sha512Hash = function(str, addSalt) {
     return crypto.createHmac('sha512', salt + '').update(str + '').digest('hex');
 };
 
+/**
+* Create argon2 hash string
+* @param {string} str - string to hash
+* @returns {promise} hash promise
+**/
+common.argon2Hash = function(str) {
+    return argon2.hash(str);
+};
+
 /**
 * Create MD5 hash from provided value
 * @param {string} str - value to hash