1
0
mirror of https://git.tuxpa.in/a/code-server.git synced 2024-12-26 12:15:26 +00:00

Merge pull request #3698 from cdr/jsjoeio-fix-argon-issue

fix(isHashMatch): check that hash starts with $
This commit is contained in:
Joe Previte 2021-07-01 10:33:29 -07:00 committed by GitHub
commit faa896c12c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 3 deletions

View File

@ -166,14 +166,13 @@ export const hash = async (password: string): Promise<string> => {
* Used to verify if the password matches the hash
*/
export const isHashMatch = async (password: string, hash: string) => {
if (password === "" || hash === "") {
if (password === "" || hash === "" || !hash.startsWith("$")) {
return false
}
try {
return await argon2.verify(hash, password)
} catch (error) {
logger.error(error)
return false
throw new Error(error)
}
}

View File

@ -189,6 +189,17 @@ describe("isHashMatch", () => {
const actual = await util.isHashMatch(password, _hash)
expect(actual).toBe(false)
})
it("should return false and not throw an error if the hash doesn't start with a $", async () => {
const password = "hellowpasssword"
const _hash = "n2i$v=19$m=4096,t=3,p=1$EAoczTxVki21JDfIZpTUxg$rkXgyrW4RDGoDYrxBFD4H2DlSMEhP4h+Api1hXnGnFY"
expect(async () => await util.isHashMatch(password, _hash)).not.toThrow()
expect(await util.isHashMatch(password, _hash)).toBe(false)
})
it("should reject the promise and throw if error", async () => {
const password = "hellowpasssword"
const _hash = "$ar2i"
expect(async () => await util.isHashMatch(password, _hash)).rejects.toThrow()
})
})
describe("hashLegacy", () => {