04. Password Management/01. Data Model for Passwords (💪 problem)

Data Model for Passwords

Loading "Creating an Optional Password Model in Prisma Schema"

Creating an Optional Password Model in Prisma Schema

🦉 Modeling Passwords requires special consideration. A password hash is a single field, so it may make sense to simply include the hash on the User model. However, recall that the default behavior for a select statement (particularly in Prisma where you can leave off the select) is to return all fields. So if we were to include the hash on the User model, then every time we queried for a User we would get the hash back. An unfortunate oversight on the part of a developer could lead to leaking all password hashes in the UI. 😱

Instead, we will create a separate Password model that has a one-to-one relationship to the User model. This way, the default of query the User will not include the password hash (at worst, it will include the id of the password which is not a concern).

Unfortunately, it's not possible to enforce a required value on both sides of a one-to-one relationship. So we can't enforce that a password is required on the User model at the database level. However, it's worth the tradeoff to avoid the risk of leaking passwords. (see this issue for more information).

🐨 Add the model in

prisma/schema.prisma

, then run:

npx prisma migrate dev --name password

make sure to run this in the playground directory

That should get you set up with a migration for adding the password to the database and ready for the next step.

← Previous Next →

Edit on GitHubEdit this page on GitHub

problem solution diff chat

general
Migration to Vite: Server-only module referenced by client
Fabian 🌌:
Hi, I'm working on migrating to Vite following the remix docs (https://remix.run/docs/en/main/guides...
1 · 17 days ago
general
🔭foundations
Solutions video on localhost:5639 ?
quang 🚀 🌌:
Hi, so I'm having a hard time navigating (hopefully will be better with time) The nav on epicweb.de...
✅1
9 · 10 months ago
general
Remix Vite Plugin
Binalfew 🚀 🌌:
<@105755735731781632> Now that remix officially supports vite (though not stable) what does it mean...
✅1
3 · 10 months ago
general
Welcome to EpicWeb.dev! Say Hello 👋
Kent C. Dodds ◆ 🚀🏆🌌:
This is the first post of many hopefully!
17
78 · a year ago
🔐auth
Where are we getting target_type from?
Salym 🚀 🏆 🌌:
I don't see target_type in ur verification schema, how are we generating this?
✅1
9 · 2 months ago
🔐auth
Unknown file extension ".png" for ".../user.png"
TraderDave79 🌌:
I'm going through the `web-auth` module and in the "Require Authenticated" exercise, after making th...
✅1
9 · 3 months ago
🔐auth
github.com refuses to connect in workshop app
TraderDave79 🌌:
Web Authentication / OAuth / 02. GitHub Strategy / Problem & Solution apps, when clicking "Login wit...
✅1
3 · 3 months ago
general
Epicshop is now social and mobile friendly!
Kent C. Dodds ◆ 🚀🏆🌌:
I'm excited to announce that now the Epic Web workshops are mobile friendly! https://foundations.ep...
🎉2
0 · 3 months ago
🔐auth
Github token added on refactor of connection model exercise
abraham_aguilera 🌌:
Where does the newly created `GITHUB_TOKEN` come from in the `resolveConnectionData` introduced in t...
2 · 3 months ago
💾data
general
📝forms
🔭foundations
double underscore?
trendaaang 🌌:
What with the `__note-editor.tsx`? I don't see that in the Remix docs and I don't remember Kent talk...
✅1
2 · 4 months ago
🔐auth
RBAC with Entity scoping
abraham_aguilera 🌌:
Hi all! I'm working on implementing access control but I want to be able to scope permissions per en...
✅1
3 · 4 months ago
🔐auth
💾data
08. ROLE-BASED ACCESS / 02. ROLES SEED - migration to local vs production
Fabian 🌌:
So I'm in a bit over my head with this one, in particular with how migration works in a local env vs...
✅1
1 · 4 months ago
🔐auth
Redirect Cookie > 03. Redirect missing ProgressToggle form
Román 🏆 🚀 🌌:
This last exercises of the Auth module isn't showing the ProgressToggle form for some reason. I fork...
✅1
5 · 9 months ago
💾data
🔐auth
Prisma batching in the Require Authorized (07/03/solution)
ajara 🌌 🚀:
When I did the `requireUser` function in `auth.server.ts` I thought about using `requireUserId` func...
✅1
4 · 5 months ago
🔭foundations
💾data
general
📝forms
🔐auth
Native Logging
trendaaang 🌌:
I was thinking that it could be useful to log every CRUD operation to help track down errors. Is tha...
✅1
6 · 5 months ago
general
The video play is pretty laggy currently
QzCurious 🌌:
I thought I should tag you for this <@105755735731781632>. Please take a look if something wrong.
✅2
9 · 6 months ago
general
New Workshop Scheduled
Kent C. Dodds ◆ 🚀🏆🌌:
Hey Epic Web devs! I wanted to let you know before everyone else on here: https://www.epicweb.dev/ev...
2
0 · 6 months ago
general
Deploying an exercise
Khoi 🚀 🌌:
Dear <@105755735731781632> , First of all, I really appreciate your effort in building this EPIC cou...
✅1
1 · 6 months ago
general
"Start App" throws error: Error: Cannot add empty string to PrefixLookupTrie
Martin 🌌:
✗ npm run start > start > kcdshop start [playground:4000] [playground:4000] > dev [playground:4000...
✅1
7 · 10 months ago
general
📝forms
Can't start the playground
trendaaang 🌌:
Been a minute since I last worked on this course. Just tried running the app and was notified that t...
✅1
3 · 7 months ago
general
Question about the Workshop App tabs
sjollivier 🌌:
Just started the course. I might have missed this in the Getting Started video, but how should I be ...
✅1
1 · 7 months ago
🔐auth
Debugging `createCookieSessionStorage`
Khoi 🚀 🌌:
How do I get (`console.log`) **ALL** the currently active sessions ***and their content*** that are ...
✅1
2 · 7 months ago
general
"Start App" throws TypeError: Cannot read properties of undefined (reading 'toLowerCase')
ntin89 🌌:
```TypeError: Cannot read properties of undefined (reading 'toLowerCase') at userAgentContains (...
✅1
4 · 7 months ago

Create Post