github/directus
1
0
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-01-30 21:57:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

Check user pass based on hash

Browse Source
This commit is contained in:
rijkvanzanten
2020-06-24 17:42:33 -04:00
parent d74bfebe8e
commit 074cbca9a5
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/services/auth.ts
View File

@@ -1,6 +1,7 @@
import database from '../database';
import APIError, { ErrorCode } from '../error';
import jwt from 'jsonwebtoken';
import bcrypt from 'bcrypt';
export const authenticate = async (email: string, password?: string) => {
const user = await database
@@ -20,8 +21,7 @@ export const authenticate = async (email: string, password?: string) => {
* email to leak anywhere else.. We might have to make a dedicated "copy" of this function to
* signal the difference
*/
if (password !== undefined && password !== user.password) {
/** @TODO implement password hash checking */
if (password !== undefined && (await bcrypt.compare(password, user.password)) === false) {
throw new APIError(ErrorCode.INVALID_USER_CREDENTIALS, 'Invalid user credentials');
}