self-hosted/joplin
1
0
Fork 0
mirror of https://github.com/laurent22/joplin.git synced 2025-01-11 18:24:43 +02:00
Code Issues Releases Activity

Server: Fixed password hashing when changing password

Browse Source
This commit is contained in:
Laurent Cozic 2021-01-22 01:11:06 +00:00
parent 469143c2e8
commit 22a7668d4b
2 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
packages/server/src/routes/index/users.test.ts
View File

@ -128,12 +128,17 @@ describe('index_users', function() {
await patchUser(session.id, { id: user.id, email: 'test2@example.com' }); await patchUser(session.id, { id: user.id, email: 'test2@example.com' });
const modUser: User = await userModel.load(user.id); const modUser: User = await userModel.load(user.id);
expect(modUser.email).toBe('test2@example.com'); expect(modUser.email).toBe('test2@example.com');
});
// const previousPassword = modUser.password; test('should change the password', async function() {
// await patchUser(session.id, { id: user.id, password: 'abcdefgh', password2: 'abcdefgh' }); const { user, session } = await createUserAndSession(1, true);
// modUser = await userModel.load(user.id);
// expect(!!modUser.password).toBe(true); const userModel = models().user({ userId: user.id });
// expect(modUser.password === previousPassword).toBe(false);
await patchUser(session.id, { id: user.id, password: 'abcdefgh', password2: 'abcdefgh' });
const modUser = await userModel.login('user1@localhost', 'abcdefgh');
expect(!!modUser).toBe(true);
expect(modUser.id).toBe(user.id);
}); });
test('should get a user', async function() { test('should get a user', async function() {

3
packages/server/src/routes/index/users.ts
View File

@ -7,6 +7,7 @@ import { User } from '../../db';
import config from '../../config'; import config from '../../config';
import { View } from '../../services/MustacheService'; import { View } from '../../services/MustacheService';
import defaultView from '../../utils/defaultView'; import defaultView from '../../utils/defaultView';
import { hashPassword } from '../../utils/auth';
function makeUser(isNew: boolean, fields: any): User { function makeUser(isNew: boolean, fields: any): User {
const user: User = {}; const user: User = {};
@ -16,7 +17,7 @@ function makeUser(isNew: boolean, fields: any): User {
if (fields.password) { if (fields.password) {
if (fields.password !== fields.password2) throw new ErrorUnprocessableEntity('Passwords do not match'); if (fields.password !== fields.password2) throw new ErrorUnprocessableEntity('Passwords do not match');
user.password = fields.password; user.password = hashPassword(fields.password);
} }
if (!isNew) user.id = fields.id; if (!isNew) user.id = fields.id;