Password Utilities

EverShop provides password utility functions for hashing, comparing, and validating passwords using bcrypt.

Import

import {
  hashPassword,
  comparePassword,
  verifyPassword,
  addPasswordValidationRule
} from '@evershop/evershop/lib/util/passwordHelper';

hashPassword

Hash a plain-text password using bcrypt with a salt round of 10.

hashPassword(password: string): string

Example

import { hashPassword } from '@evershop/evershop/lib/util/passwordHelper';

const hash = hashPassword('mySecurePassword');
// Returns: "$2a$10$..." (bcrypt hash string)

comparePassword

Compare a plain-text password against a bcrypt hash.

comparePassword(password: string, hash: string): boolean

Example

import { comparePassword } from '@evershop/evershop/lib/util/passwordHelper';

const isValid = comparePassword('mySecurePassword', storedHash);
if (isValid) {
  // Password matches
}

verifyPassword

Validate a password against all registered validation rules. Throws an error if validation fails.

verifyPassword(password: string): boolean

Default Rules

• Password must be at least 6 characters

Example

import { verifyPassword } from '@evershop/evershop/lib/util/passwordHelper';

try {
  verifyPassword('ab'); // Throws: "Password must be at least 6 characters"
} catch (error) {
  console.error(error.message);
}

addPasswordValidationRule

Add a custom password validation rule. Must be called during the bootstrap phase.

addPasswordValidationRule(rule: Validator<string>): void

Example

extensions/my-extension/src/bootstrap.ts

import { addPasswordValidationRule } from '@evershop/evershop/lib/util/passwordHelper';

export default function () {
  addPasswordValidationRule({
    id: 'requireUppercase',
    func: (password) => /[A-Z]/.test(password),
    errorMessage: 'Password must contain at least one uppercase letter'
  });
}

See Also

• request.loginCustomerWithEmail - Customer login
• updatePassword - Update customer password