fix(authentication-local): Allow to hash passwords in array data (#1936)

Author: daffl

packages/authentication-local/src/hooks/hash-password.ts

@@ -24,10 +24,9 @@ export default function hashPassword (field: string, options: HashPasswordOption
     }
 
     const { app, data, params } = context;
-    const password = get(data, field);
 
-    if (data === undefined || password === undefined) {
-      debug(`hook.data or hook.data.${field} is undefined. Skipping hashPassword hook.`);
+    if (data === undefined) {
+      debug(`hook.data is undefined. Skipping hashPassword hook.`);
       return context;
     }
 
@@ -44,9 +43,21 @@ export default function hashPassword (field: string, options: HashPasswordOption
       throw new BadRequest(`Could not find '${strategy}' strategy to hash password`);
     }
 
-    const hashedPassword: string = await localStrategy.hashPassword(password, params);
+    const addHashedPassword = async (data: any) => {
+      const password = get(data, field);
 
-    context.data = set(cloneDeep(data), field, hashedPassword);
+      if (password === undefined) {
+        debug(`hook.data.${field} is undefined, not hashing password`);
+        return data;
+      }
+
+      const hashedPassword: string = await localStrategy.hashPassword(password, params);
+
+      return set(cloneDeep(data), field, hashedPassword);
+    }
+
+    context.data = Array.isArray(data) ? await Promise.all(data.map(addHashedPassword)) :
+      await addHashedPassword(data);
 
     return context;
   };

packages/authentication-local/test/fixture.js

@@ -25,6 +25,7 @@ module.exports = (app = feathers()) => {
 
   app.use('/authentication', authentication);
   app.use('/users', memory({
+    multi: [ 'create' ],
     paginate: {
       default: 10,
       max: 20

packages/authentication-local/test/hooks/hash-password.test.ts

@@ -89,6 +89,21 @@ describe('@feathersjs/authentication-local/hooks/hash-password', () => {
     assert.notStrictEqual(user.password, password);
   });
 
+  it('hashes password on array data', async () => {
+    const password = 'supersecret';
+
+    const users = await app.service('users').create([{
+      email: 'dave@hashpassword.com',
+      password
+    }, {
+      email: 'dave2@hashpassword.com',
+      password: 'secret2'
+    }]);
+
+    assert.notStrictEqual(users[0].password, password);
+    assert.notStrictEqual(users[1].password, 'secret2');
+  });
+
   it('does nothing when field is not present', async () => {
     const user = await app.service('users').create({
       email: 'dave@hashpassword.com'