Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-31 11:05:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: do not throw if password passed into isPasswordCorrect is invalid, just return false

Browse Source
This commit is contained in:
Julian Lam
2022-08-05 13:42:02 -04:00
parent 342cca35c1
commit 287f4c2c41
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/user/password.js
View File

@@ -26,7 +26,12 @@ module.exports = function (User) {
hashedPassword = '';
}
User.isPasswordValid(password, 0);
try {
User.isPasswordValid(password, 0);
} catch (e) {
return false;
}
await User.auth.logAttempt(uid, ip);
const ok = await Password.compare(password, hashedPassword, !!parseInt(shaWrapped, 10));
if (ok) {