lamassu/lamassu-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: implement argon2 and changed session data type to timestamptz

Browse source
This commit is contained in:
Sérgio Salgado 2021-04-27 00:01:31 +01:00 committed by Josh Harvey
parent 86a245f6ba
commit 15769cd1bf
6 changed files with 185 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/users.js
View file

@ -1,7 +1,7 @@
const _ = require('lodash/fp')
const pgp = require('pg-promise')()
const crypto = require('crypto')
const bcrypt = require('bcrypt')
const argon2 = require('argon2')
const uuid = require('uuid')
const db = require('./db')
@ -107,7 +107,7 @@ function createAuthToken (userID, type) {
function updatePassword (token, id, password) {
return validateAuthToken(token, 'reset_password').then(res => {
if (!res.success) throw new Error('Failed to verify password reset token')
return bcrypt.hash(password, 12).then(function (hash) {
return argon2.hash(password).then(function (hash) {
return db.tx(t => {
const q1 = t.none(`UPDATE users SET password=$1 WHERE id=$2`, [hash, id])
const q2 = t.none(`DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1`, [id])
@ -136,7 +136,7 @@ function validateUserRegistrationToken (token) {
function register (token, username, password, role) {
return validateUserRegistrationToken(token).then(res => {
if (!res.success) throw new Error('Failed to verify registration token')
return bcrypt.hash(password, 12).then(hash => {
return argon2.hash(password).then(hash => {
return db.tx(t => {
const q1 = t.none(`INSERT INTO users (id, username, password, role) VALUES ($1, $2, $3, $4)`, [uuid.v4(), username, hash, role])
const q2 = t.none(`DELETE FROM user_register_tokens WHERE token=$1`, [token])