1
00:00:00,000 --> 00:00:03,000
So storing passwords as plain text

2
00:00:03,000 --> 00:00:05,000
is not a great idea,

3
00:00:05,000 --> 00:00:08,000
and therefore you should hash them.

4
00:00:08,000 --> 00:00:12,000
And for that, attached you find a hash.js file,

5
00:00:12,000 --> 00:00:14,000
which you can store in the lib folder.

6
00:00:15,000 --> 00:00:20,000
And that file uses some Node.js functionality

7
00:00:20,000 --> 00:00:24,000
to, in the end, convert that plain text password

8
00:00:24,000 --> 00:00:29,000
to a string that can't be converted back to that password.

9
00:00:30,000 --> 00:00:34,000
And then this file also contains a second function,

10
00:00:34,000 --> 00:00:37,000
which allows us to check passwords

11
00:00:37,000 --> 00:00:42,000
and compare them with those hashed stored passwords

12
00:00:42,000 --> 00:00:45,000
so that if a user tries to log in in the future,

13
00:00:45,000 --> 00:00:49,000
we can find out whether the password they entered then

14
00:00:49,000 --> 00:00:51,000
is the same as the hashed password

15
00:00:51,000 --> 00:00:53,000
we stored in the database.

16
00:00:54,000 --> 00:00:57,000
We can't convert that hashed password back,

17
00:00:57,000 --> 00:01:00,000
but we can, of course, rehash the password

18
00:01:00,000 --> 00:01:04,000
that was entered by the user during the login process

19
00:01:04,000 --> 00:01:06,000
and then see whether that's the same

20
00:01:06,000 --> 00:01:09,000
as the one we hashed in the past

21
00:01:09,000 --> 00:01:11,000
and we store it in the database.

22
00:01:11,000 --> 00:01:13,000
And that's in the end what this function will do.

23
00:01:13,000 --> 00:01:16,000
And this function therefore will become important later

24
00:01:16,000 --> 00:01:18,000
once we add user login.

25
00:01:19,000 --> 00:01:21,000
Now for the signup, however,

26
00:01:21,000 --> 00:01:24,000
it's this hash user password function

27
00:01:24,000 --> 00:01:25,000
that will be important.

28
00:01:26,000 --> 00:01:29,000
And therefore here in auth actions.js,

29
00:01:29,000 --> 00:01:32,000
we should now create a hashed password,

30
00:01:32,000 --> 00:01:37,000
which we do by calling hash user password.

31
00:01:38,000 --> 00:01:43,000
So by using this function that's part of this hash.js file,

32
00:01:43,000 --> 00:01:46,000
therefore of course you must import it from that file,

33
00:01:47,000 --> 00:01:50,000
and then you must pass the plain text password

34
00:01:50,000 --> 00:01:52,000
to it like this.

35
00:01:53,000 --> 00:01:56,000
That will then give you a hashed password

36
00:01:56,000 --> 00:01:58,000
and it's now that hashed password

37
00:01:58,000 --> 00:02:01,000
that should be stored in the database

38
00:02:01,000 --> 00:02:05,000
and that's therefore how you should create new users.

