mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2025-01-11 06:22:55 +00:00
private: save token hashed
Auth tokens are now saved in hashed form. Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
parent
37a9f6526b
commit
5e6e5d0e5f
1 changed files with 2 additions and 1 deletions
|
@ -41,7 +41,8 @@ export class UsersService {
|
||||||
let accessToken = '';
|
let accessToken = '';
|
||||||
for (let i = 0; i < 100; i++) {
|
for (let i = 0; i < 100; i++) {
|
||||||
try {
|
try {
|
||||||
accessToken = crypt.randomBytes(64).toString();
|
const randomString = crypt.randomBytes(64).toString();
|
||||||
|
accessToken = await this.hashPassword(randomString);
|
||||||
await this.getUserByAuthToken(accessToken);
|
await this.getUserByAuthToken(accessToken);
|
||||||
} catch (NotInDBError) {
|
} catch (NotInDBError) {
|
||||||
const token = AuthToken.create(user, identifier, accessToken);
|
const token = AuthToken.create(user, identifier, accessToken);
|
||||||
|
|
Loading…
Reference in a new issue