All language subtitles for 004 Managing Passwords_Downloadly.ir_en

So in this lecture, we're gonna manage our users' passwords in the database. And by that I mean to first validate if the inputted password is equal to the confirmed password, and then also to encrypt the password in the database in order to secure it against attacks.

And so the first thing that we're gonna do is to validate if the two inputted passwords are the same. And the best place to do that is here in the confirm password, okay? And so let's write our custom validator for that, all right?

So remember, we use the validate property, and then since we want to create a function and also an error message, let's open a new object here and then in there create validator, which is gonna be the function, and let's actually start with this one. So, remember, all we need here is to specify a simple callback function which is then gonna be called when the new document is created. So, function, and here again, we cannot use an arrow function because we actually need to use the this keyword. Okay?

So, remember that from the validator function we return either true or false, and if the return value is false, then it means that we're gonna get a validation error, okay? And, of course, if it's true, then not. And so what we want here is to say that the current element, so, password confirm, is equal to this dot password, and that's actually it! So, for example, if password confirm is A-B-C, and password is also A-B-C, then this will of course return true, all right? And so then the validation is passed and no error will occur. But, if the initial password is, let's say, X-Y-Z, well then of course this is gonna return false and we're gonna have a validation error, okay? So, very simple, but we need to keep in mind that this is only gonna work on save, okay? So I talked about that before when we used the custom validator on the tour model, right? But I'm reminding you of that here again because this is absolutely crucial here in this point, okay? So let me actually write it down here for you. On save. Okay?

And for this reason, whenever we want to update a user, we will always have to use save as well and not, for example, find one and update like we did with our tours, okay? So let's keep this in mind when we write the rest of the code throughout the rest of the section, and especially for updating, okay? Because let's say that we updated the user's password simply with a regular update. Then in that case, this password confirm validation that we have here would no longer work, okay? And of course that cannot happen, okay? And so, again, keep in mind that this will only work when we create a new object, so on dot create, or on save. Okay? So, on create and save. All right? So we create a new object using create, right? So, right here, we used a dot create, but remember how I also showed you that we can use a user dot save, like this, right? And in fact, we can also use a user dot save in order to update the user, all right? But again, more about it a bit later. Okay?

So let's now actually try out this validation here, okay? So first of all, let's actually just try to create a new user with this data here, which should not work because we already have a user with this email address and we said that this one should be unique, and so it should not work. Okay, and so of course our duplicate key error, right? Now if you were in production, then of course we already would get our nicely formatted error that we created in the last section, right? But right now we are in development, and so that's the error that we defined we want to see. Okay?

So let's simply use another email here, and since we're working on the email here, let's also see how the email address validation works. So let's say that we specified this as our email. And so, we see the error, "please provide a valid email." Okay? So let's test it just like this, because I think that this should also not be valid. Maybe it is, but let's see. And yeah, actually it's not, because there are no domain names with only one letter, okay? And so this validator is pretty specific, so it's really good. Now if we do it like this, then of course it should work. But anyway, what we wanted to test here is these different passwords, okay? And I remember now that we actually didn't create an error message, I believe. And yeah, we didn't. And so, let's add that here as well. So message, are not the same. Okay.

So let's add something here, doesn't matter. And so now, passwords are not the same, okay? So perfect. And now of course our validation should be passed. And indeed, it is, and we created our new user. Let's head over to Compass here, take a look, and then actually delete it so that I can later create more users with the same email. All right? And we don't want all this junk here anyway, so all these test users, okay? But now, the next step is to actually encrypt these plain passwords that we are storing in our database right now.

So, as I mentioned in the last video, when we are working with authentication, one of the most fundamental principles is to never ever store plain passwords in a database, okay? So that is something that's absolutely not acceptable, okay? So we should really always encrypt users' passwords, because imagine that for some reason, a hacker gets access to the database. If then the passwords are stored in plain text in there, then he can simply log in as any user and then do whatever he really wants and cause a lot of damage in some cases, okay? And so we need to absolutely prevent that. And so let's now go ahead and implement this.

Now, where is the best place to actually do that? Well, I would argue that the model is always the best place to do this kind of functionality. So in this case, the encryption, because it really has to do with the data itself, and so it should be on the model and not in the controller, okay? So again, keep the fat models, thin controllers philosophy in mind here. All right?

So how are we gonna now implement this encryption? Well, this is another perfect use case for using Mongoose middleware. And the one that we're gonna use is a pre-save middleware. So basically document middleware, okay? So, remember that we defined that on the schema, okay? And in this case, we want to set a pre-hook, so a pre-middleware on save, all right? And the reason why we're doing it like this is that the middleware function that we're gonna specify here, so the encryption, is then gonna happen between the moment that we receive that data and the moment where it's actually persisted to the database, okay? So that's where the pre-save middleware runs. Between getting the data and saving it to the database. And so that's the perfect time to manipulate the data. All right? So, a function, and then remember we have access to the next function in order to call the next middleware. Okay, now we actually only want to encrypt the password if the password field has actually been updated, okay? So basically only when really the password is changed, or also when it's created new, all right?

Because imagine the user is only updating the email. Then in that case, of course, we do not want to encrypt the password again, right? And so we can do that with Mongoose. And so we're gonna say, if and then this, which refers to the current document, right? And so in this case, to the current user, and then is modified. Okay? So we have a method on all documents which we can use if a certain field has been modified. And so here, we need to pass in the name of the field, so "password." Okay? And so basically, what we want to do here is to say that if the password has not been modified, so not, then in that case, let's simply return from this function and not run any of the other code that's in here, and then call the next middleware. Okay? So again, if the password has not been modified, then let's just exit this function and call the next middleware. Otherwise we will then run the code that I'm gonna put in here. And so now it's finally time to actually encrypt, or as we can also say, to hash the password, okay?

So you will see the term "hash" or "hashing" all the time, and so that basically means encryption as well, okay? Now we are gonna do this encryption, or hashing, using a very well-known and well-studied and very popular hashing algorithm called bcrypt. Okay? So this algorithm will first salt then hash our password in order to make it really strong, to protect it against brute-force attacks, all right? And so that's the whole reason why encryption needs to be really strong. Because brute-force attacks could try to guess certain passwords if they're not really strongly encrypted. And remember how I said that bcrypt will salt our password, and that just means that it's gonna add a random string to the password so that two equal passwords do not generate the same hash, okay? Make sense? Now I'm not gonna go into all the cryptographic details on how this really works behind the scenes and why we need such a complex system, okay? But of course you can read all you want about bcrypt online. There's really a ton of interesting stuff to discover there, all right?

Anyway, let's now go ahead and use the bcryptjs package in order to use this algorithm. So, npm install bcryptjs. Okay? And so this basically is a bcrypt implementation for JavaScript. Okay? Let's go back to our main terminal and then go ahead and import it here. And this one is by default only called bcrypt, okay? And not bcryptjs. All right. And now, let's actually use it. So, we want to say that this dot password, so the current password in this document, should be equal to bcrypt dot hash and then our current password. Okay? And then in here we need to specify a cost parameter, okay? And we could actually do this in two ways.

So the first way would be to manually generate the salt, so that random string basically, that is gonna be added to our password, and then use that salt here in this hash function. All right? But instead, to make it a bit easier, we can also simply pass a cost parameter into this function here. And so that is basically a measure of how CPU intensive this operation will be, all right? And the default value here I believe is 10, but right now it's a bit better actually to use 12, because computers have become more and more powerful. So like 20 years ago, you could have used eight here, and then a bit later 10, but right now at this point in time, it's best to use 12. And so the higher this cost here, basically the more CPU intensive the process will be and the better the password will be encrypted, okay? And of course we could go even higher, but then it would take way too long, all right? And I will show that to you in a second. Okay? But for now, let's actually finish this, because there is one thing left here.

So this hash here is actually the asynchronous version, but there also is a synchronous version. But as you already know, we do not want to use the synchronous version, because that will block the event loop and then prevent other users from using the application. So just like we learned in the beginning. And so of course we want to use the asynchronous version, which is this one. And this will then return a promise, and that promise, of course, we need to await. And so, we need to use await and then say that this function is an async function, just like this. So, let's recap that here. So, we want to set our current password basically to the encrypted version of the original password with a cost of 12, not to make it too easy to break the password, but also not to make the application take too long for encrypting the password, all right? So with this, we encrypted our password, and now in the end, what we need to do is to basically delete the confirm password, all right? Because at this point in time, we only have the real password hashed, right?

So, this dot password confirm, and how we basically delete the field, so not to be persisted in the database, is to set it to undefined. All right? So, we really only need this password confirm here for the validation that we implemented before. So just to make sure that the user actually inputted two equal passwords, so that he doesn't make any mistakes with his password. Right? And so after this validation was successful, we actually no longer need this field, so we really do not want to persist it to the database. And so that's why we simply set it here to undefined. All right? Now you might wonder why this works, because we actually set password confirm to required, right? But that simply means that it's a required input, not that it's required to actually be persisted to the database, okay? Now, just to finish, we of course need to also call next. Okay? Let's give it a save.

And actually I'm gonna add some comments here to make it really clear for you. So basically what this does is to only run this function if password was actually modified. Then here, hash the password with cost of 12. And then, delete the password confirm field. Okay. And now, let's go ahead and test this. And I will now create a new user with exactly this data, and let's now take a look at the result. And indeed, we now get this very weird looking password, which indeed is the encrypted version of pass1234. And also, as you see, password confirm is no longer here. Okay? And so just like this, we now stored users in a secure way in our database. Let me now just show you how it will work if we, for example, set it to 16 here. And I need to change the email here. And so that should now take a lot of time, and I'm not sure if I can even wait. Oh, actually it took like four and a half seconds. But that's still a bit too much, I believe, okay?

So, let's set it back to 12, and so that should be better, okay? And now let's just, again, delete these users here that we just created. And actually I need to get rid of this first one, because this one still has the password in plain text. And so this user is not gonna work when we start to actually log in users based on their password. Okay? So let's get rid of this. Okay? And also what I wanted to show you here is that we put in the exact same password for these two users that we created, right? But you see that the encrypted password is actually very different, right? And so that's the power of salting the password before hashing it. All right? So just like this, we, again, implemented a very secure and good password management.
