fix: security flaw on auth tokens, error handling

Sérgio Salgado 2021-04-06 19:12:36 +01:00 committed by Josh Harvey
parent 40974dd501
commit c00249586d
12 changed files with 185 additions and 144 deletions


@ -1,10 +1,5 @@
const db = require('../../db')
function checkUser (username) {
const sql = 'SELECT * FROM users WHERE username=$1'
return db.oneOrNone(sql, [username]).then(value => { return value.password }).catch(() => false)
}
function validateUser (username, password) {
const sql = 'SELECT id, username FROM users WHERE username=$1 AND password=$2'
const sqlUpdateLastAccessed = 'UPDATE users SET last_accessed = now() WHERE username=$1'
@ -18,6 +13,5 @@ function validateUser (username, password) {
}
module.exports = {
checkUser,
validateUser
}
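Review bot: `validateUser` still matches credentials with `WHERE username=$1 AND password=$2`, so the stored `password` column is compared by plain SQL equality against whatever the caller passes. That only works if the column holds plaintext or an unsalted, deterministic digest (the caller's hashing is not visible here, so this is inferred), and in either case a database leak exposes credentials that are directly reusable or cheap to recover. Consider selecting by username only, e.g. `const sql = 'SELECT id, username, password FROM users WHERE username=$1'`, and verifying the supplied password in application code against a salted hash with a bcrypt/argon2-style verify. The body of `validateUser` lies between the two hunks and is not shown, so confirm how the no-row case and the `last_accessed` update are handled there.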