upd: rehash misskey passwords with argon2 on login
Mar0xy authored and KiTTYsh committed Oct 5, 2024
1 parent 68d5487 commit 1da0023
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions packages/backend/src/server/api/SigninApiService.ts
Expand Up @@ -4,7 +4,7 @@
*/

import { Inject, Injectable } from '@nestjs/common';
//import bcrypt from 'bcryptjs';
import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import * as OTPAuth from 'otpauth';
import { IsNull } from 'typeorm';
Expand Down Expand Up @@ -124,7 +124,7 @@ export class SigninApiService {
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: user.id });

// Compare password
const same = await argon2.verify(profile.password!, password);
const same = await argon2.verify(profile.password!, password) || bcrypt.compareSync(password, profile.password!);

const fail = async (status?: number, failure?: { id: string }) => {
// Append signin history
Expand All @@ -141,6 +141,12 @@ export class SigninApiService {

if (!profile.twoFactorEnabled) {
if (same) {
if (profile.password!.startsWith('$2')) {
const newHash = await argon2.hash(password);
this.userProfilesRepository.update(user.id, {
password: newHash
});
}
return this.signinService.signin(request, reply, user);
} else {
return await fail(403, {
Expand All @@ -157,6 +163,12 @@ export class SigninApiService {
}

try {
if (profile.password!.startsWith('$2')) {
const newHash = await argon2.hash(password);
this.userProfilesRepository.update(user.id, {
password: newHash
});
}
await this.userAuthService.twoFactorAuthenticate(profile, token);
} catch (e) {
return await fail(403, {
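Review bot: Both `this.userProfilesRepository.update(user.id, { password: newHash })` calls are left un-awaited, so a failed write is lost silently (or surfaces as an unhandled rejection) and the account keeps its bcrypt hash; `await` them, or attach a `.catch` that logs the failure. In the two-factor branch the rehash sits inside the `try` and ahead of `twoFactorAuthenticate`, so an `argon2.hash` error is reported as a 403 token failure and the stored hash is rewritten before the second factor is checked; moving the block below `await this.userAuthService.twoFactorAuthenticate(profile, token);` avoids both. That branch must also be reachable only once `same` is true, otherwise an unverified password would replace the stored hash; the guard is outside the visible hunk, so this should be confirmed. Separately, `bcrypt.compareSync(password, profile.password!)` blocks the event loop for the full bcrypt cost on each legacy login, where bcryptjs also offers the promise-returning `await bcrypt.compare(password, profile.password!)`.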