Why do you have to the reflection api instead of plain.indexOf?

#1437 states that if plain is of type number indexOf breaks as it is a method on string instances. Using indexOf.call keeps this from breaking on numbers as it will cast it to string first.

I can remove the indexOf.call if it will help move things along.

The main thing I am worried about is users who have no passwords throwing and crashing.

The indexOf call was added as a bonus as address #1437

I would rather test if typeof plain === 'string'.

like this?

if (typeof plain !== 'string') {
  return;
}

@raymondfeng I don't think this really covers our use case. Most of our users coming in through github/twitter auth, they don't set passwords. We need to make sure users who do not have passwords do not crash the site just by logging in.

I can get ride of the indexOf reflection and just set it to this:

    UserModel.setter.password = function(plain) {
      if (!plain) {
        return;
      }
      if (plain.indexOf('$2a$') === 0 && plain.length === 60) {
        // The password is already hashed. It can be the case
        // when the instance is loaded from DB
        this.$password = plain;
      } else {
        this.$password = this.constructor.hashPassword(plain);
      }
    };

This prevents crashes when plain is undefined, which is the use case I am trying to solve, but won't do anything for the case when plain is a number, which I don't really need right now.

@raymondfeng How does that sound?

The following test returns for null, undefined, and non-strings.

if (typeof plain !== 'string') {
  return;
}

Got it. Will do.