CrabDude/original.js

## original.js
async()=>{

  // Pointless calling await because crypto.pbkdf2 returns nothing
  await crypto.pbkdf2('asdf', 'salt', 4096, 512, 'sha256', function(err, key) {
    if (err) throw err
    user.password = key.toString('hex')
    console.log(user.password)
    // return key.toString('hex') // 'c5e478d...1469e50'
  })

  // should be...
  let hash = await crypto.pbkdf2('asdf', 'salt', 4096, 512, 'sha256')
  user.password = hash.toString('hex')
}()

passport.use(new LocalStrategy({
    // Use "email" field instead of "username"
    usernameField: 'email',
    // We'll need this later
    failureFlash: true
  }, nodeifyit(async (email, password) => {
    if (email !== user.email) {
      console.log(user.password)
      return [false, {message: 'Invalid username'}]
    }
    let pa = null

    // Again, pointless calling await because crypto.pbkdf2 returns nothing
    await crypto.pbkdf2(password, 'salt', 4096, 512, 'sha256', function(err, key) {
      if (err) throw err
      pa = key.toString('hex')
      // 'c5e478d...1469e50'
      console.log(pa)
      console.log("compare: " + pa === user.password)
    })

    // should be...
    let hash = await crypto.promise.pbkdf2(password, 'salt', 4096, 512, 'sha256')
    pa = hash.toString('hex')
    // 'c5e478d...1469e50'

    // With the original code, pa will ALWAYS be null because the callback fires on a different event loop tick
    if ( pa !== user.password) {
       return [false, {message: 'Invalid password'}]
    }
    return user
}, {spread: true})))
	async()=>{

	// Pointless calling await because crypto.pbkdf2 returns nothing
	await crypto.pbkdf2('asdf', 'salt', 4096, 512, 'sha256', function(err, key) {
	if (err) throw err
	user.password = key.toString('hex')
	console.log(user.password)
	// return key.toString('hex') // 'c5e478d...1469e50'
	})

	// should be...
	let hash = await crypto.pbkdf2('asdf', 'salt', 4096, 512, 'sha256')
	user.password = hash.toString('hex')
	}()

	passport.use(new LocalStrategy({
	// Use "email" field instead of "username"
	usernameField: 'email',
	// We'll need this later
	failureFlash: true
	}, nodeifyit(async (email, password) => {
	if (email !== user.email) {
	console.log(user.password)
	return [false, {message: 'Invalid username'}]
	}
	let pa = null

	// Again, pointless calling await because crypto.pbkdf2 returns nothing
	await crypto.pbkdf2(password, 'salt', 4096, 512, 'sha256', function(err, key) {
	if (err) throw err
	pa = key.toString('hex')
	// 'c5e478d...1469e50'
	console.log(pa)
	console.log("compare: " + pa === user.password)
	})

	// should be...
	let hash = await crypto.promise.pbkdf2(password, 'salt', 4096, 512, 'sha256')
	pa = hash.toString('hex')
	// 'c5e478d...1469e50'

	// With the original code, pa will ALWAYS be null because the callback fires on a different event loop tick
	if ( pa !== user.password) {
	return [false, {message: 'Invalid password'}]
	}
	return user
	}, {spread: true})))