From 5e6e5d0e5ff27d9b15a173ae821ce5af529e1890 Mon Sep 17 00:00:00 2001
From: Philip Molares <philip.molares@udo.edu>
Date: Sun, 17 Jan 2021 14:45:16 +0100
Subject: [PATCH] private: save token hashed

Auth tokens are now saved in hashed form.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
---
 src/users/users.service.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/users/users.service.ts b/src/users/users.service.ts
index bde0de6ce..9de3730c0 100644
--- a/src/users/users.service.ts
+++ b/src/users/users.service.ts
@@ -41,7 +41,8 @@ export class UsersService {
     let accessToken = '';
     for (let i = 0; i < 100; i++) {
       try {
-        accessToken = crypt.randomBytes(64).toString();
+        const randomString = crypt.randomBytes(64).toString();
+        accessToken = await this.hashPassword(randomString);
         await this.getUserByAuthToken(accessToken);
       } catch (NotInDBError) {
         const token = AuthToken.create(user, identifier, accessToken);