Merge pull request ericelliott#37 from mastilver/factory

(breaking) switch from static module to factory

Author: ericelliott

credential.js

@@ -27,6 +27,12 @@ var crypto = require('crypto'),
   msPerDay = 24 * 60 * 60 * 1000,
   msPerYear = 366 * msPerDay,
   y2k = new Date(2000, 0, 1),
+  defaultOptions = {
+    keyLength: 66,
+    work: 1,
+    hashMethod: 'pbkdf2'
+  },
+
 
   /**
    * pdkdf(password, salt, iterations,
@@ -100,28 +106,33 @@ var crypto = require('crypto'),
   },
 
   /**
-   * expired(hash)
+   * isExpired(hash, days, work)
    *
    * Checks if a hash is older than the amount of days.
    *
-   * @param  {Number} hash
-   * @return {Number} days
+   * @param {Number} hash
+   * @param {Number} days
+   * @param {Number} work
+   * @return {bool}
    */
 
-  expired = function expired (hash, days){
+  isExpired = function isExpired (hash, days, work){
     var base = Date.now() - (days || 90) * msPerDay;
-    var minIterations = iterations(this.work, base);
+    var minIterations = iterations(work, base);
 
     return JSON.parse(hash).iterations < minIterations;
   },
 
   /**
-   * toHash(password, callback) callback(err, hash)
+   * toHash(password, hashMethod, keyLength, work, callback) callback(err, hash)
    *
    * Takes a new password and creates a unique hash. Passes
    * a JSON encoded object to the callback.
    *
    * @param  {[type]}   password
+   * @param  {String}   hashMethod
+   * @param  {Number}   keyLength
+   * @param  {Number}   work
    * @param  {Function} callback
    */
   /**
@@ -135,10 +146,8 @@ var crypto = require('crypto'),
    * @param  {Number} hashObject.iterations
    * @return {undefined}
    */
-  toHash = function toHash (password, callback) {
-    var hashMethod = this.hashMethod,
-      keyLength = this.keyLength,
-      n = iterations(this.work);
+  toHash = function toHash (password, hashMethod, keyLength, work, callback) {
+    var n = iterations(work);
 
     if (typeof (password) !== 'string' || password.length === 0) {
       return callback(new Error('Password must be a ' +
@@ -213,36 +222,21 @@ var crypto = require('crypto'),
       }
       callback(null, constantTimeCompare(newHash, storedHash.hash));
     });
-  },
+  };
 
-  /**
-   * configure(options)
-   *
-   * Alter settings.
-   *
-   * Warning: Decreasing `keyLength` or `work`
-   * can make your password database less secure.
-   *
-   * @param  {Object} options Options object.
-   * @param  {Number} options.keyLength
-   * @param  {Number} options.work
-   * @return {Object} credential object
-   */
-  configure = function configure (options) {
-    mixIn(this, this.defaults, options);
-    return this;
-  },
 
-  defaults = {
-    keyLength: 66,
-    work: 1,
-    hashMethod: 'pbkdf2'
-  };
+module.exports = function credential (opts) {
+
+  var options = mixIn({}, defaultOptions, opts);
 
-module.exports = mixIn({}, defaults, {
-  hash: toHash,
-  verify: verify,
-  expired: expired,
-  configure: configure,
-  iterations: iterations
-});
+  return {
+    verify: verify,
+    iterations: iterations,
+    hash: function (password, callback) {
+      toHash(password, options.hashMethod, options.keyLength, options.work, callback);
+    },
+    expired: function (hash, days) {
+      return isExpired(hash, days, options.work);
+    }
+  };
+};

test/credential-test.js

@@ -1,9 +1,11 @@
 'use strict';
 var test = require('tape'),
-  pw = require('../credential.js');
+  credential = require('../credential.js');
 
 test('hash', function (t) {
 
+  var pw = credential();
+
   pw.hash('foo', function (err, hash) {
 
     t.equal(typeof hash, 'string',
@@ -19,6 +21,8 @@ test('hash', function (t) {
 
 test('hash with different passwords', function (t) {
 
+  var pw = credential();
+
   pw.hash('foo', function (err, fooHash) {
 
     pw.hash('bar', function (err, barHash) {
@@ -33,6 +37,8 @@ test('hash with different passwords', function (t) {
 
 test('hash with same passwords', function (t) {
 
+  var pw = credential();
+
   pw.hash('foo', function (err, fooHash) {
 
     pw.hash('foo', function (err, barHash) {
@@ -47,6 +53,8 @@ test('hash with same passwords', function (t) {
 
 test('hash with undefined password', function (t) {
 
+  var pw = credential();
+
   try {
     pw.hash(undefined, function (err) {
       t.ok(err,
@@ -61,6 +69,8 @@ test('hash with undefined password', function (t) {
 
 test('hash with empty password', function (t) {
 
+  var pw = credential();
+
   try {
     pw.hash('', function (err) {
       t.ok(err,
@@ -75,7 +85,8 @@ test('hash with empty password', function (t) {
 
 
 test('verify with right pw', function (t) {
-  var pass = 'foo';
+  var pass = 'foo',
+      pw = credential();
 
   pw.hash(pass, function (err, storedHash) {
     pw.verify(storedHash, pass, function (err, isValid) {
@@ -92,7 +103,8 @@ test('verify with right pw', function (t) {
 
 test('verify with broken stored hash', function (t) {
   var pass = 'foo',
-    storedHash = 'aoeuntkh;kbanotehudil,.prcgidax$aoesnitd,riouxbx;qjkwmoeuicgr';
+    storedHash = 'aoeuntkh;kbanotehudil,.prcgidax$aoesnitd,riouxbx;qjkwmoeuicgr',
+    pw = credential();
 
   pw.verify(storedHash, pass, function (err) {
 
@@ -106,7 +118,8 @@ test('verify with broken stored hash', function (t) {
 
 
 test('verify with wrong pw', function (t) {
-  var pass = 'foo';
+  var pass = 'foo',
+      pw = credential();
 
   pw.hash(pass, function (err, storedHash) {
     pw.verify(storedHash, 'bar', function (err, isValid) {
@@ -119,7 +132,8 @@ test('verify with wrong pw', function (t) {
 });
 
 test('verify with undefined password', function (t) {
-  var pass = 'foo';
+  var pass = 'foo',
+      pw = credential();
 
   pw.hash(pass, function (err, storedHash) {
     try {
@@ -138,7 +152,8 @@ test('verify with undefined password', function (t) {
 });
 
 test('verify with empty password', function (t) {
-  var pass = 'foo';
+  var pass = 'foo',
+      pw = credential();
 
   pw.hash(pass, function (err, storedHash) {
     try {
@@ -157,7 +172,8 @@ test('verify with empty password', function (t) {
 });
 
 test('expired with valid hash and default expiry', function (t) {
-  var pass = 'foo';
+  var pass = 'foo',
+      pw = credential();
 
   pw.hash(pass, function (err, storedHash) {
     t.notOk(pw.expired(storedHash),
@@ -168,7 +184,8 @@ test('expired with valid hash and default expiry', function (t) {
 });
 
 test('expired with short expiry', function (t) {
-  var pass = 'foo';
+  var pass = 'foo',
+      pw = credential();
 
   pw.hash(pass, function (err, storedHash) {
     t.notOk(pw.expired(storedHash, 2),
@@ -179,7 +196,8 @@ test('expired with short expiry', function (t) {
 });
 
 test('expired with expiry in the past', function (t) {
-  var pass = 'foo';
+  var pass = 'foo',
+      pw = credential();
 
   pw.hash(pass, function (err, storedHash) {
     t.ok(pw.expired(storedHash, -2),
@@ -243,7 +261,8 @@ test('constantEquals exposes no timings', function (t) {
 test('overrides', function (t) {
   var work = 0.5;
   var keyLength = 12;
-  pw.configure({
+
+  var pw = credential({
     work: work,
     keyLength: keyLength
   });