M220N Inserting a new user

In the lab for inserting a new user, the input parameters include the name, email and password.

In the insert operation, you assign name to Name, email to Email and HashedPassord to password.

My question is in the model… There is a get and set method for both hashed password and password. If you take password in as a parameter and pass it to hash o matic to hash it, is the password ever stored in the class?

 public class User
    {
        [BsonElement("_id")]
        [JsonProperty("_id")]
        [BsonId]
        [BsonRepresentation(BsonType.ObjectId)]
        public string Id { get; set; }

        [JsonProperty("auth_token")]
        [BsonIgnore]
        public string AuthToken { get; set; }

        public string Name { get; set; }

        public string Email { get; set; }

        public string Password { get; set; }

        [JsonIgnore]
        public string HashedPassword { get; set; }

        public bool IsAdmin { get; set; }

        public Dictionary<string, string> Preferences { get; set; }
    }
}

The parameters are input this way.

var user = new User { Name = name, Email = email, HashedPassword = PasswordHashOMatic.Hash(password) };

When is the password get and set method used in the model?

Hi @David_Thompson :wave:.

No, we are not storing the password, ideally, we should never store users’ raw passwords because of various privacy concerns.
Instead, it is recommended to store the hashed version(which can never be reversed back to the original value) so that we can use it to verify the same at a later point in time.

We are not using the get & set method on password anywhere in our app, and as far as I know, the password property is just there to provide a structure of a typical user in our app.

In case you have any doubts, please feel free to reach out to us.

Thanks and Regards.
Sourabh Bagrecha,
Curriculum Services Engineer