serve.zone/onebox
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

fix: use compiled-safe password hashing
Release / build-and-release (push) Successful in 2m34s
Details

Browse Source
This commit is contained in:
Jürgen Kunz
2026-05-08 16:36:58 +00:00
parent cc6a81012c
commit 201602b733
7 changed files with 95 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ts/opsserver/handlers/admin.handler.ts
+1 -6
View File
@@ -2,7 +2,7 @@ import * as plugins from '../../plugins.ts';
import { logger } from '../../logging.ts';
import type { OpsServer } from '../classes.opsserver.ts';
import * as interfaces from '../../../ts_interfaces/index.ts';
import { hashPassword, needsPasswordUpgrade, verifyPassword } from '../../utils/auth.ts';
import { hashPassword, verifyPassword } from '../../utils/auth.ts';
export interface IJwtData {
userId: string;
@@ -112,11 +112,6 @@ export class AdminHandler {
throw new plugins.typedrequest.TypedResponseError('Invalid credentials');
}
if (needsPasswordUpgrade(user.passwordHash)) {
const upgradedHash = await hashPassword(dataArg.password);
this.opsServerRef.oneboxRef.database.updateUserPassword(user.username, upgradedHash);
}
const expiresAt = Date.now() + 24 * 3600 * 1000;
const freshUser = this.opsServerRef.oneboxRef.database.getUserByUsername(user.username) || user;
const identity = await this.createIdentityForUser(freshUser, expiresAt);