feat: implement argon2 and changed session data type to timestamptz

This commit is contained in:
Sérgio Salgado 2021-04-27 00:01:31 +01:00 committed by Josh Harvey
parent 86a245f6ba
commit 15769cd1bf
6 changed files with 185 additions and 10 deletions


@ -1,5 +1,5 @@
const otplib = require('otplib')
const bcrypt = require('bcrypt')
const argon2 = require('argon2')
const loginHelper = require('../../services/login')
const T = require('../../../time')
@ -14,7 +14,7 @@ const authenticateUser = (username, password) => {
.then(user => {
const hashedPassword = user.password
if (!hashedPassword || !user.enabled) throw new authErrors.InvalidCredentialsError()
return Promise.all([bcrypt.compare(password, hashedPassword), hashedPassword])
return Promise.all([argon2.verify(hashedPassword, password), hashedPassword])
})
.then(([isMatch, hashedPassword]) => {
if (!isMatch) throw new authErrors.InvalidCredentialsError()
@ -76,7 +76,7 @@ const get2FASecret = (username, password) => {
return authenticateUser(username, password)
.then(user => {
const secret = otplib.authenticator.generateSecret()
const otpauth = otplib.authenticator.keyuri(user.username, 'Lamassu Industries', secret)
const otpauth = otplib.authenticator.keyuri(user.username, 'Lamassu', secret)
return Promise.all([users.saveTemp2FASecret(user.id, secret), secret, otpauth])
})
.then(([_, secret, otpauth]) => {
@ -125,7 +125,7 @@ const validateReset2FALink = token => {
})
.then(user => {
const secret = otplib.authenticator.generateSecret()
const otpauth = otplib.authenticator.keyuri(user.username, 'Lamassu Industries', secret)
const otpauth = otplib.authenticator.keyuri(user.username, 'Lamassu', secret)
return Promise.all([users.saveTemp2FASecret(user.id, secret), user, secret, otpauth])
})
.then(([_, user, secret, otpauth]) => {
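Review bot: In the authenticateUser hunk, `argon2.verify(hashedPassword, password)` rejects with an Error rather than resolving to false when the stored value is not an argon2 PHC string, so any user row that still holds a bcrypt `$2b$…` hash from before this change will fail login with an unhandled rejection instead of the InvalidCredentialsError the next `.then` expects. Whether the other files in this commit rehash or reset existing passwords is not visible here; if no one-time migration is included, either force a password reset for every existing row or guard the call, e.g. `if (!hashedPassword.startsWith('$argon2')) throw new authErrors.InvalidCredentialsError()` before the `Promise.all`, so a legacy hash surfaces as a credential failure and not a 500. authenticateUser begins before this hunk and continues after it.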


@ -47,7 +47,7 @@ const typeDef = gql`
type Query {
transactions(from: Date, until: Date, limit: Int, offset: Int, deviceId: ID): [Transaction] @auth
transactionsCsv(from: Date, until: Date, limit: Int, offset: Int): String
transactionsCsv(from: Date, until: Date, limit: Int, offset: Int): String @auth
}
`
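Review bot: Adding `@auth` to `transactionsCsv` implies that before this commit the CSV export of transaction data was reachable without whatever authentication that directive enforces (assuming the directive is the resolver's only gate, which the rest of the schema is not visible to confirm), yet the commit title mentions only argon2 and the timestamptz change. An authorization fix of this kind should be named in the commit message so it is not lost in an unrelated feature commit, and it deserves a regression test asserting that an unauthenticated `transactionsCsv` query is rejected. It would also be worth a pass over the remaining Query and Mutation fields for any other resolver that exposes data without `@auth`.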