Docs: Use Redwood's hashPassword() for loginToken hashing in the pass…

…word-less dbAuth flow (redwoodjs#11566)
Tobbe · Sep 15, 2024 · d924a72 · d924a72
1 parent 6420e07
commit d924a72
Showing 1 changed file with 2 additions and 4 deletions.
diff --git a/docs/docs/how-to/dbauth-passwordless.md b/docs/docs/how-to/dbauth-passwordless.md
@@ -60,6 +60,7 @@ Now that you have the file, let's add the `generateToken` function.
 ```javascript {21} title="/api/src/services/users/users.js"
 // add this import to the top of the file
 import CryptoJS from 'crypto-js'
+import { hashPassword } from '@redwoodjs/auth-dbauth-api'
 // add this to the bottom of the file
 export const generateLoginToken = async ({ email }) => {
   try {
@@ -84,10 +85,7 @@ export const generateLoginToken = async ({ email }) => {
       return sixDigitNumber.toString()
     })()
     console.log({ randomNumber }) // email the user this number
-    let salt = CryptoJS.lib.WordArray.random(30)
-    let loginToken = CryptoJS.PBKDF2(randomNumber, salt, {
-      keySize: 256 / 32,
-    }).toString()
+    let [loginToken, salt] = hashPassword(randomNumber)
     // now we'll update the user with the new salt and loginToken
     let loginTokenExpiresAt = new Date()
     loginTokenExpiresAt.setMinutes(loginTokenExpiresAt.getMinutes() + 15)