1

I'm trying to migrate users from Drupal 7 to another project on node.js.

And I need to keep existing passwords for all of them. That means I need to hash passwords the same way is Drupal does.

Drupal use SHA512 by default with a salt. They run the hash through PHP's hash function numerous times to increase the computation cost of generating a password's final hash (a security technique called stretching).

The problem is, user_hash_password() which does hashing, seems to be quite custom. I don't really want to revers engineer it and reinvent the wheel.

The question is, are there any libraries on node.js that can do that?

Improve this question

1 Answer 1

Reset to default
2

It can be done with drupal-hash module.

Check existing password

var drupalHash = require('drupal-hash');

var clearPassword = 'superpassword';
var passwordHash = '$S$DODRFsy.GX2iSkl2zJ4fsrGRt2S0FOWu0JSA3BqAmSayESbcY3w9';
var isValid = drupalHash.checkPassword(clearPassword, passwordHash);
// returns true or false

Hash new password

var drupalHash = require('drupal-hash');

var newPassword = 'superpassword';
var passwordHash = drupalHash.hashPassword(newPassword);
// returns something like '$S$DODRFsy.GX2iSkl2zJ4fsrGRt2S0FOWu0JSA3BqAmSayESbcY3w9'

Check if an old password needs updated

var drupalHash = require('drupal-hash');

var passwordHash = '$P$DxTIL/YfZCdJtFYNh1Ef9ERbMBkuQ91';
var needsHash = drupalHash.needsNewHash(passwordHash);
// return true or false
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.