618d4d674f
- Implement unit tests for password handling in `auth_test.ts`, covering bcrypt and legacy password hashes. - Create a fake database for user management to facilitate testing of the `AdminHandler`. - Validate JWT-based identity verification against database records. - Introduce tests for credential encryption and registry management in `security_test.ts`. - Ensure registry passwords are securely stored and can be decrypted correctly, including legacy support. - Add utility functions for password hashing and verification in `auth.ts`.
import * as plugins from '../plugins.ts';
// Matches only the bcrypt prefix: "$2", a variant letter (a, b, x or y), "$",
// a two-digit cost and a closing "$". The salt and digest that follow are not
// validated, so a match means "looks like bcrypt", not "is a well-formed hash".
const bcryptHashPattern = /^\$2[abxy]\$\d\d\$/;
/**
 * Reports whether a stored credential carries a bcrypt prefix.
 *
 * Only the leading `$2?$NN$` marker is inspected; the remainder of the string
 * is not checked for length or alphabet.
 *
 * @param passwordHash - The stored value to classify.
 * @returns `true` when the value starts with a bcrypt prefix, otherwise `false`.
 */
export function isBcryptHash(passwordHash: string): boolean {
  const prefixMatch = bcryptHashPattern.exec(passwordHash);
  return prefixMatch !== null;
}
/**
 * Tells the caller whether a stored credential should be re-hashed.
 *
 * Any value without a bcrypt prefix counts as needing an upgrade. That includes
 * the legacy base64 form and an empty string.
 *
 * @param passwordHash - The stored value to classify.
 * @returns `true` when the value is not a bcrypt hash.
 */
export function needsPasswordUpgrade(passwordHash: string): boolean {
  const alreadyBcrypt = isBcryptHash(passwordHash);
  return alreadyBcrypt ? false : true;
}
/**
 * Produces a bcrypt hash for a plaintext password.
 *
 * No salt or cost argument is passed, so both come from the defaults of the
 * bcrypt implementation exposed through `plugins`.
 * NOTE(review): bcrypt implementations commonly ignore input beyond 72 bytes;
 * confirm how the configured library treats longer passwords.
 *
 * @param password - The plaintext password to hash.
 * @returns The hash string produced by `plugins.bcrypt.hash`.
 */
export async function hashPassword(password: string): Promise<string> {
  const hashed = await plugins.bcrypt.hash(password);
  return hashed;
}
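/**
 * Compares two strings without returning at the first differing character.
 *
 * This is best effort only: it removes the early exit of `===`, but a
 * JavaScript runtime gives no hard timing guarantee.
 */
function constantTimeEquals(left: string, right: string): boolean {
  let diff = left.length ^ right.length;
  const span = Math.max(left.length, right.length);
  for (let i = 0; i < span; i++) {
    // charCodeAt() yields NaN past the end; the bitwise operators coerce it to 0.
    diff |= left.charCodeAt(i) ^ right.charCodeAt(i);
  }
  return diff === 0;
}

/**
 * Checks a plaintext password against a stored credential.
 *
 * Stored values with a bcrypt prefix are verified with `plugins.bcrypt.compare`.
 * Any other non-empty value is treated as a legacy record holding
 * `btoa(password)`. Base64 is a reversible encoding, not a hash, so a legacy
 * record exposes the password to anyone who can read the store. This function
 * does not migrate such records: after a successful check the caller should
 * consult `needsPasswordUpgrade` and re-hash with `hashPassword`.
 *
 * @param password - The plaintext password supplied by the user.
 * @param passwordHash - The stored credential (bcrypt hash or legacy base64 value).
 * @returns `true` when the password matches, `false` otherwise. An empty or
 *   missing stored credential never matches.
 */
export async function verifyPassword(password: string, passwordHash: string): Promise<boolean> {
  if (!passwordHash) {
    return false;
  }

  if (isBcryptHash(passwordHash)) {
    return await plugins.bcrypt.compare(password, passwordHash);
  }

  // Legacy compatibility for older databases that stored base64-encoded passwords.
  let legacyEncoding: string;
  try {
    legacyEncoding = btoa(password);
  } catch {
    // btoa() throws for characters outside Latin-1. Such a password cannot equal
    // a btoa()-produced record, so report a mismatch instead of letting the
    // exception escape the login path.
    return false;
  }

  // Avoid `===` here: its early exit makes timing depend on how much of the
  // stored value matched.
  return constantTimeEquals(passwordHash, legacyEncoding);
}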