graphql-python/graphene-mongo

How to achieve Hashing/Encrypting a password field?

mtech2008 opened this issue · 2 comments

Hi,
How can I achieve Hashing/Encrypting a password field?
How about having a HashField or MD5Field?

Regards

@mtech2008: It's more like a question about mongoengine, not a graphql one. You can refer to: https://stackoverflow.com/questions/27943258/save-password-as-salted-hash-in-mongodb-in-users-collection-using-python-bcrypt

Make sense?

Can be done easily using bcrypt.

Mutation Class

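```python
import graphene

# UserType, UserInput and UserModel are defined elsewhere in the application.


class RegisterUserMutation(graphene.Mutation):
    user = graphene.Field(UserType)

    class Arguments:
        user_data = UserInput(required=True)

    def mutate(self, info, user_data=None):
        # Build the document without the password field.
        user = UserModel(
            firstname=user_data.firstname,
            lastname=user_data.lastname,
            username=user_data.username,
            email=user_data.email,
            roles=list(),
        )
        # Store only the salted bcrypt hash of the submitted password.
        user.setPassword(user_data.password)
        user.save()
        return RegisterUserMutation(user=user)
```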

Model Class

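```python
import bcrypt
import mongoengine
from mongoengine import (Document, EmailField, ListField, ObjectIdField,
                         ReferenceField, StringField)

# RoleModel is defined elsewhere in the application.


class UserModel(Document):
    meta = {'collection': 'user'}
    _id = ObjectIdField()
    firstname = StringField()
    lastname = StringField()
    email = EmailField()
    username = StringField()
    password = StringField()  # holds the bcrypt hash, not the plaintext
    roles = ListField(ReferenceField(RoleModel, reverse_delete_rule=mongoengine.DENY))

    def setPassword(self, password):
        # gensalt() returns a fresh random salt, which hashpw() embeds in the hash string.
        self.password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
```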