fix: changing passwords, 2fa, and password resets.
The argon2 usage was only implemented for sign-ins, which broke a bunch of other endpoints and features.
parent
e4b1e3225e
commit
b28ba9f82f
15 changed files with 31 additions and 35 deletions
|
@ -1,4 +1,3 @@
|
|||
import bcrypt from "bcryptjs";
|
||||
import { generateKeyPair } from "node:crypto";
|
||||
import generateUserToken from "./generate-native-user-token.js";
|
||||
import { User } from "@/models/entities/user.js";
|
||||
|
@ -12,6 +11,7 @@ import { usersChart } from "@/services/chart/index.js";
|
|||
import { UsedUsername } from "@/models/entities/used-username.js";
|
||||
import { db } from "@/db/postgre.js";
|
||||
import config from "@/config/index.js";
|
||||
import { hashPassword } from "@/misc/password.js";
|
||||
|
||||
export async function signup(opts: {
|
||||
username: User["username"];
|
||||
|
@ -42,8 +42,7 @@ export async function signup(opts: {
|
|||
}
|
||||
|
||||
// Generate hash of password
|
||||
const salt = await bcrypt.genSalt(8);
|
||||
hash = await bcrypt.hash(password, salt);
|
||||
hash = await hashPassword(password);
|
||||
}
|
||||
|
||||
// Generate secret
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
import define from "../../define.js";
|
||||
import bcrypt from "bcryptjs";
|
||||
// import bcrypt from "bcryptjs";
|
||||
import rndstr from "rndstr";
|
||||
import { Users, UserProfiles } from "@/models/index.js";
|
||||
import { hashPassword } from "@/misc/password.js";
|
||||
|
||||
export const meta = {
|
||||
tags: ["admin"],
|
||||
|
@ -47,7 +48,8 @@ export default define(meta, paramDef, async (ps) => {
|
|||
const passwd = rndstr("a-zA-Z0-9", 8);
|
||||
|
||||
// Generate hash of password
|
||||
const hash = bcrypt.hashSync(passwd);
|
||||
// const hash = bcrypt.hashSync(passwd);
|
||||
const hash = await hashPassword(passwd);
|
||||
|
||||
await UserProfiles.update(
|
||||
{
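Review bot: The two commented-out bcrypt lines (`// import bcrypt from "bcryptjs";` and `// const hash = bcrypt.hashSync(passwd);`) are dead code and should be deleted rather than kept; the other files in this commit remove the import outright. Separately, the password hashed here comes from `rndstr("a-zA-Z0-9", 8)`, and rndstr's randomness source is not visible on this page. If it is not backed by a CSPRNG, the admin-issued password is guessable regardless of the hash, so it would be worth drawing it from `crypto.randomBytes` (node:crypto) and making it longer than 8 characters. The `rndstr("a-z0-9", 16)` verification code in the signup section further down deserves the same check. The handler body continues outside the hunk.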
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
import bcrypt from "bcryptjs";
|
||||
import { promisify } from "node:util";
|
||||
import * as cbor from "cbor";
|
||||
import define from "../../../define.js";
|
||||
|
@ -11,6 +10,7 @@ import {
|
|||
import config from "@/config/index.js";
|
||||
import { procedures, hash } from "../../../2fa.js";
|
||||
import { publishMainStream } from "@/services/stream.js";
|
||||
import { comparePassword } from "@/misc/password.js";
|
||||
|
||||
const cborDecodeFirst = promisify(cbor.decodeFirst) as any;
|
||||
const rpIdHashReal = hash(Buffer.from(config.hostname, "utf-8"));
|
||||
|
@ -43,7 +43,7 @@ export default define(meta, paramDef, async (ps, user) => {
|
|||
const profile = await UserProfiles.findOneByOrFail({ userId: user.id });
|
||||
|
||||
// Compare password
|
||||
const same = await bcrypt.compare(ps.password, profile.password!);
|
||||
const same = await comparePassword(ps.password, profile.password!);
|
||||
|
||||
if (!same) {
|
||||
throw new Error("incorrect password");
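Review bot: `comparePassword(ps.password, profile.password!)` keeps the non-null assertion, so if a profile without a stored hash can reach this endpoint, `null` goes into the verifier and the outcome depends on how `comparePassword` (defined outside this page) treats it. An explicit guard before the call, `if (profile.password == null) throw new Error("incorrect password");`, makes that failure path deterministic. The same call shape appears in every other section of this commit that verifies a password. Since new hashes now come from `hashPassword`, it is also worth confirming with a test that `comparePassword` still verifies hashes written by the old bcrypt code, assuming existing accounts are not rehashed elsewhere. The handler starts and ends outside the hunk.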
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
import bcrypt from "bcryptjs";
|
||||
import define from "../../../define.js";
|
||||
import { UserProfiles, AttestationChallenges } from "@/models/index.js";
|
||||
import { promisify } from "node:util";
|
||||
import * as crypto from "node:crypto";
|
||||
import { genId } from "@/misc/gen-id.js";
|
||||
import { hash } from "../../../2fa.js";
|
||||
import { comparePassword } from "@/misc/password.js";
|
||||
|
||||
const randomBytes = promisify(crypto.randomBytes);
|
||||
|
||||
|
@ -26,7 +26,7 @@ export default define(meta, paramDef, async (ps, user) => {
|
|||
const profile = await UserProfiles.findOneByOrFail({ userId: user.id });
|
||||
|
||||
// Compare password
|
||||
const same = await bcrypt.compare(ps.password, profile.password!);
|
||||
const same = await comparePassword(ps.password, profile.password!);
|
||||
|
||||
if (!same) {
|
||||
throw new Error("incorrect password");
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
import bcrypt from "bcryptjs";
|
||||
import * as speakeasy from "speakeasy";
|
||||
import * as QRCode from "qrcode";
|
||||
import config from "@/config/index.js";
|
||||
import { UserProfiles } from "@/models/index.js";
|
||||
import define from "../../../define.js";
|
||||
import { comparePassword } from "@/misc/password.js";
|
||||
|
||||
export const meta = {
|
||||
requireCredential: true,
|
||||
|
@ -23,7 +23,7 @@ export default define(meta, paramDef, async (ps, user) => {
|
|||
const profile = await UserProfiles.findOneByOrFail({ userId: user.id });
|
||||
|
||||
// Compare password
|
||||
const same = await bcrypt.compare(ps.password, profile.password!);
|
||||
const same = await comparePassword(ps.password, profile.password!);
|
||||
|
||||
if (!same) {
|
||||
throw new Error("incorrect password");
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import bcrypt from "bcryptjs";
|
||||
import { comparePassword } from "@/misc/password.js";
|
||||
import define from "../../../define.js";
|
||||
import { UserProfiles, UserSecurityKeys, Users } from "@/models/index.js";
|
||||
import { publishMainStream } from "@/services/stream.js";
|
||||
|
@ -22,7 +22,7 @@ export default define(meta, paramDef, async (ps, user) => {
|
|||
const profile = await UserProfiles.findOneByOrFail({ userId: user.id });
|
||||
|
||||
// Compare password
|
||||
const same = await bcrypt.compare(ps.password, profile.password!);
|
||||
const same = await comparePassword(ps.password, profile.password!);
|
||||
|
||||
if (!same) {
|
||||
throw new Error("incorrect password");
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import bcrypt from "bcryptjs";
|
||||
import define from "../../../define.js";
|
||||
import { UserProfiles } from "@/models/index.js";
|
||||
import { comparePassword } from "@/misc/password.js";
|
||||
|
||||
export const meta = {
|
||||
requireCredential: true,
|
||||
|
@ -20,7 +20,7 @@ export default define(meta, paramDef, async (ps, user) => {
|
|||
const profile = await UserProfiles.findOneByOrFail({ userId: user.id });
|
||||
|
||||
// Compare password
|
||||
const same = await bcrypt.compare(ps.password, profile.password!);
|
||||
const same = await comparePassword(ps.password, profile.password!);
|
||||
|
||||
if (!same) {
|
||||
throw new Error("incorrect password");
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import bcrypt from "bcryptjs";
|
||||
import define from "../../define.js";
|
||||
import { UserProfiles } from "@/models/index.js";
|
||||
import { hashPassword, comparePassword } from "@/misc/password.js";
|
||||
|
||||
export const meta = {
|
||||
requireCredential: true,
|
||||
|
@ -21,15 +21,14 @@ export default define(meta, paramDef, async (ps, user) => {
|
|||
const profile = await UserProfiles.findOneByOrFail({ userId: user.id });
|
||||
|
||||
// Compare password
|
||||
const same = await bcrypt.compare(ps.currentPassword, profile.password!);
|
||||
const same = await comparePassword(ps.currentPassword, profile.password!);
|
||||
|
||||
if (!same) {
|
||||
throw new Error("incorrect password");
|
||||
}
|
||||
|
||||
// Generate hash of password
|
||||
const salt = await bcrypt.genSalt(8);
|
||||
const hash = await bcrypt.hash(ps.newPassword, salt);
|
||||
const hash = await hashPassword(ps.newPassword);
|
||||
|
||||
await UserProfiles.update(user.id, {
|
||||
password: hash,
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import bcrypt from "bcryptjs";
|
||||
import { UserProfiles, Users } from "@/models/index.js";
|
||||
import { deleteAccount } from "@/services/delete-account.js";
|
||||
import define from "../../define.js";
|
||||
import { comparePassword } from "@/misc/password.js";
|
||||
|
||||
export const meta = {
|
||||
requireCredential: true,
|
||||
|
@ -25,7 +25,7 @@ export default define(meta, paramDef, async (ps, user) => {
|
|||
}
|
||||
|
||||
// Compare password
|
||||
const same = await bcrypt.compare(ps.password, profile.password!);
|
||||
const same = await comparePassword(ps.password, profile.password!);
|
||||
|
||||
if (!same) {
|
||||
throw new Error("incorrect password");
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
import bcrypt from "bcryptjs";
|
||||
import {
|
||||
publishInternalEvent,
|
||||
publishMainStream,
|
||||
|
@ -7,6 +6,7 @@ import {
|
|||
import generateUserToken from "../../common/generate-native-user-token.js";
|
||||
import define from "../../define.js";
|
||||
import { Users, UserProfiles } from "@/models/index.js";
|
||||
import { comparePassword } from "@/misc/password.js";
|
||||
|
||||
export const meta = {
|
||||
requireCredential: true,
|
||||
|
@ -29,7 +29,7 @@ export default define(meta, paramDef, async (ps, user) => {
|
|||
const profile = await UserProfiles.findOneByOrFail({ userId: user.id });
|
||||
|
||||
// Compare password
|
||||
const same = await bcrypt.compare(ps.password, profile.password!);
|
||||
const same = await comparePassword(ps.password, profile.password!);
|
||||
|
||||
if (!same) {
|
||||
throw new Error("incorrect password");
|
||||
|
|
|
@ -2,12 +2,12 @@ import { publishMainStream } from "@/services/stream.js";
|
|||
import define from "../../define.js";
|
||||
import rndstr from "rndstr";
|
||||
import config from "@/config/index.js";
|
||||
import bcrypt from "bcryptjs";
|
||||
import { Users, UserProfiles } from "@/models/index.js";
|
||||
import { sendEmail } from "@/services/send-email.js";
|
||||
import { ApiError } from "../../error.js";
|
||||
import { validateEmailForAccount } from "@/services/validate-email-for-account.js";
|
||||
import { HOUR } from "@/const.js";
|
||||
import { comparePassword } from "@/misc/password.js";
|
||||
|
||||
export const meta = {
|
||||
requireCredential: true,
|
||||
|
@ -47,7 +47,7 @@ export default define(meta, paramDef, async (ps, user) => {
|
|||
const profile = await UserProfiles.findOneByOrFail({ userId: user.id });
|
||||
|
||||
// Compare password
|
||||
const same = await bcrypt.compare(ps.password, profile.password!);
|
||||
const same = await comparePassword(ps.password, profile.password!);
|
||||
|
||||
if (!same) {
|
||||
throw new ApiError(meta.errors.incorrectPassword);
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
import bcrypt from "bcryptjs";
|
||||
import { publishMainStream } from "@/services/stream.js";
|
||||
import { Users, UserProfiles, PasswordResetRequests } from "@/models/index.js";
|
||||
import define from "../define.js";
|
||||
import { ApiError } from "../error.js";
|
||||
import { hashPassword } from "@/misc/password.js";
|
||||
|
||||
export const meta = {
|
||||
tags: ["reset password"],
|
||||
|
@ -34,8 +34,7 @@ export default define(meta, paramDef, async (ps, user) => {
|
|||
}
|
||||
|
||||
// Generate hash of password
|
||||
const salt = await bcrypt.genSalt(8);
|
||||
const hash = await bcrypt.hash(ps.password, salt);
|
||||
const hash = await hashPassword(ps.password);
|
||||
|
||||
await UserProfiles.update(req.userId, {
|
||||
password: hash,
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
import type Koa from "koa";
|
||||
import bcrypt from "bcryptjs";
|
||||
import * as speakeasy from "speakeasy";
|
||||
import signin from "../common/signin.js";
|
||||
import config from "@/config/index.js";
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
import type Koa from "koa";
|
||||
import rndstr from "rndstr";
|
||||
import bcrypt from "bcryptjs";
|
||||
import { fetchMeta } from "@/misc/fetch-meta.js";
|
||||
import { verifyHcaptcha, verifyRecaptcha } from "@/misc/captcha.js";
|
||||
import { Users, RegistrationTickets, UserPendings } from "@/models/index.js";
|
||||
|
@ -9,6 +8,7 @@ import config from "@/config/index.js";
|
|||
import { sendEmail } from "@/services/send-email.js";
|
||||
import { genId } from "@/misc/gen-id.js";
|
||||
import { validateEmailForAccount } from "@/services/validate-email-for-account.js";
|
||||
import { hashPassword } from "@/misc/password.js";
|
||||
|
||||
export default async (ctx: Koa.Context) => {
|
||||
const body = ctx.request.body;
|
||||
|
@ -79,8 +79,7 @@ export default async (ctx: Koa.Context) => {
|
|||
const code = rndstr("a-z0-9", 16);
|
||||
|
||||
// Generate hash of password
|
||||
const salt = await bcrypt.genSalt(8);
|
||||
const hash = await bcrypt.hash(password, salt);
|
||||
const hash = await hashPassword(password);
|
||||
|
||||
await UserPendings.insert({
|
||||
id: genId(),
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
import bcrypt from "bcryptjs";
|
||||
import { v4 as uuid } from "uuid";
|
||||
import generateNativeUserToken from "../server/api/common/generate-native-user-token.js";
|
||||
import { genRsaKeyPair } from "@/misc/gen-key-pair.js";
|
||||
|
@ -9,13 +8,13 @@ import { genId } from "@/misc/gen-id.js";
|
|||
import { UserKeypair } from "@/models/entities/user-keypair.js";
|
||||
import { UsedUsername } from "@/models/entities/used-username.js";
|
||||
import { db } from "@/db/postgre.js";
|
||||
import { hashPassword } from "@/misc/password.js";
|
||||
|
||||
export async function createSystemUser(username: string) {
|
||||
const password = uuid();
|
||||
|
||||
// Generate hash of password
|
||||
const salt = await bcrypt.genSalt(8);
|
||||
const hash = await bcrypt.hash(password, salt);
|
||||
const hash = await hashPassword(password);
|
||||
|
||||
// Generate secret
|
||||
const secret = generateNativeUserToken();
|
||||
|
|