mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-21 20:47:08 -05:00
Merge pull request #1759 from overleaf/sk-disable-bcrypt-rounds-upgrade
Temporarily de-activate automatic upgrade of bcrypt rounds GitOrigin-RevId: 66dbe344c00253e4b6a8f883735e61d9133da62e
This commit is contained in:
parent
77de78e70b
commit
bd722dda8e
2 changed files with 25 additions and 0 deletions
|
@ -86,6 +86,9 @@ module.exports = AuthenticationManager =
|
|||
return callback(new Error("Password Reset Attempt Failed"))
|
||||
|
||||
checkRounds: (user, hashedPassword, password, callback = (error) ->) ->
|
||||
# Temporarily disable this function, TODO: re-enable this
|
||||
if Settings?.security?.disableBcryptRoundsUpgrades
|
||||
return callback()
|
||||
# check current number of rounds and rehash if necessary
|
||||
currentRounds = bcrypt.getRounds hashedPassword
|
||||
if currentRounds < BCRYPT_ROUNDS
|
||||
|
|
|
@ -148,6 +148,28 @@ describe "AuthenticationManager", ->
|
|||
it "should return the user", ->
|
||||
@callback.calledWith(null, @user).should.equal true
|
||||
|
||||
describe "when the hashed password matches but the number of rounds is too low, but upgrades disabled", ->
|
||||
beforeEach (done) ->
|
||||
@settings.security.disableBcryptRoundsUpgrades = true
|
||||
@user.hashedPassword = @hashedPassword = "asdfjadflasdf"
|
||||
@bcrypt.compare = sinon.stub().callsArgWith(2, null, true)
|
||||
@bcrypt.getRounds = sinon.stub().returns 7
|
||||
@AuthenticationManager.setUserPassword = sinon.stub().callsArgWith(2, null)
|
||||
@AuthenticationManager.authenticate email: @email, @unencryptedPassword, (error, user) =>
|
||||
@callback(error, user)
|
||||
done()
|
||||
|
||||
it "should not check the number of rounds", ->
|
||||
@bcrypt.getRounds.called.should.equal false
|
||||
|
||||
it "should not set the users password (with a higher number of rounds)", ->
|
||||
@AuthenticationManager.setUserPassword
|
||||
.calledWith("user-id", @unencryptedPassword)
|
||||
.should.equal false
|
||||
|
||||
it "should return the user", ->
|
||||
@callback.calledWith(null, @user).should.equal true
|
||||
|
||||
describe "when the user does not exist in the database", ->
|
||||
beforeEach ->
|
||||
@User.findOne = sinon.stub().callsArgWith(1, null, null)
|
||||
|
|
Loading…
Reference in a new issue