Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-13 17:35:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Always compare password with a hash

Browse Source 
Prevents quick response when user / email doesn't exist
This commit is contained in:
Peter Jaszkowiak
2017-11-01 18:57:52 -06:00
parent c9465403f5
commit ec38b18e34
1 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/password.js
View File

@@ -4,16 +4,39 @@ var path = require('path');
var fork = require('./meta/debugFork'); var fork = require('./meta/debugFork');
exports.hash = function (rounds, password, callback) { function hash(rounds, password, callback) {
forkChild({ type: 'hash', rounds: rounds, password: password }, callback); forkChild({ type: 'hash', rounds: rounds, password: password }, callback);
};
exports.compare = function (password, hash, callback) {
if (!hash || !password) {
return setImmediate(callback, null, false);
} }
forkChild({ type: 'compare', password: password, hash: hash }, callback);
}; exports.hash = hash;
var fakeHashCache;
function getFakeHash(callback) {
if (fakeHashCache) {
return callback(null, fakeHashCache);
}
hash(12, Math.random().toString(), function (err, hash) {
if (err) {
return callback(err);
}
fakeHashCache = hash;
callback(null, fakeHashCache);
});
}
function compare(password, hash, callback) {
getFakeHash(function (err, fakeHash) {
if (err) {
return callback(err);
}
forkChild({ type: 'compare', password: password, hash: hash || fakeHash }, callback);
});
}
exports.compare = compare;
function forkChild(message, callback) { function forkChild(message, callback) {
var child = fork(path.join(__dirname, 'bcrypt')); var child = fork(path.join(__dirname, 'bcrypt'));