Merge pull request #3698 from cdr/jsjoeio-fix-argon-issue
fix(isHashMatch): check that hash starts with $
commit
faa896c12c
@ -166,14 +166,13 @@ export const hash = async (password: string): Promise<string> => {
|
|||||||
* Used to verify if the password matches the hash
|
* Used to verify if the password matches the hash
|
||||||
*/
|
*/
|
||||||
export const isHashMatch = async (password: string, hash: string) => {
|
export const isHashMatch = async (password: string, hash: string) => {
|
||||||
if (password === "" || hash === "") {
|
if (password === "" || hash === "" || !hash.startsWith("$")) {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
return await argon2.verify(hash, password)
|
return await argon2.verify(hash, password)
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
logger.error(error)
|
throw new Error(error)
|
||||||
return false
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
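Review bot: The catch block in isHashMatch now does `throw new Error(error)` where it used to fail closed with `return false`, so any argon2.verify failure rejects the promise. The callers are not visible here, so each one needs checking to confirm it treats a rejection as a failed login and does not let it surface as an unhandled error. Passing the caught value to `new Error(error)` also stringifies it and drops the original stack, and with `logger.error(error)` removed the failure is no longer recorded at this point. I would keep the log line and rethrow the original: `logger.error(error)` followed by `throw error`. The `!hash.startsWith("$")` guard screens out only one malformed shape; the accompanying test with `"$ar2i"` shows other malformed values still reach argon2.verify.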
@ -189,6 +189,17 @@ describe("isHashMatch", () => {
|
|||||||
const actual = await util.isHashMatch(password, _hash)
|
const actual = await util.isHashMatch(password, _hash)
|
||||||
expect(actual).toBe(false)
|
expect(actual).toBe(false)
|
||||||
})
|
})
|
||||||
|
it("should return false and not throw an error if the hash doesn't start with a $", async () => {
|
||||||
|
const password = "hellowpasssword"
|
||||||
|
const _hash = "n2i$v=19$m=4096,t=3,p=1$EAoczTxVki21JDfIZpTUxg$rkXgyrW4RDGoDYrxBFD4H2DlSMEhP4h+Api1hXnGnFY"
|
||||||
|
expect(async () => await util.isHashMatch(password, _hash)).not.toThrow()
|
||||||
|
expect(await util.isHashMatch(password, _hash)).toBe(false)
|
||||||
|
})
|
||||||
|
it("should reject the promise and throw if error", async () => {
|
||||||
|
const password = "hellowpasssword"
|
||||||
|
const _hash = "$ar2i"
|
||||||
|
expect(async () => await util.isHashMatch(password, _hash)).rejects.toThrow()
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
describe("hashLegacy", () => {
|
describe("hashLegacy", () => {
|
||||||
|
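Review bot: The assertion `expect(async () => await util.isHashMatch(password, _hash)).not.toThrow()` cannot fail, because an async arrow function returns a promise and never throws synchronously, so `.not.toThrow()` passes even if the promise rejects. Only the following `toBe(false)` line exercises the new `startsWith("$")` guard; the first could be replaced with `await expect(util.isHashMatch(password, _hash)).resolves.toBe(false)`. In the "should reject the promise and throw if error" test, the `.rejects.toThrow()` expectation is neither awaited nor returned, so the test can finish before the assertion settles. It should read `await expect(util.isHashMatch(password, _hash)).rejects.toThrow()`.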