From 074cbca9a5d65f2f7c313f56053aa83b86b30bbf Mon Sep 17 00:00:00 2001
From: rijkvanzanten
Date: Wed, 24 Jun 2020 17:42:33 -0400
Subject: [PATCH] Check user pass based on hash
---
 src/services/auth.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/services/auth.ts b/src/services/auth.ts
index 5e3ebc402e..9794e5470d 100644
--- a/src/services/auth.ts
+++ b/src/services/auth.ts
@@ -1,6 +1,7 @@
 import database from '../database';
 import APIError, { ErrorCode } from '../error';
 import jwt from 'jsonwebtoken';
+import bcrypt from 'bcrypt';
 export const authenticate = async (email: string, password?: string) => {
 const user = await database
@@ -20,8 +21,7 @@ export const authenticate = async (email: string, password?: string) => {
 * email to leak anywhere else.. We might have to make a dedicated "copy" of this function to
 * signal the difference
 */
- if (password !== undefined && password !== user.password) {
- /** @TODO implement password hash checking */
+ if (password !== undefined && (await bcrypt.compare(password, user.password)) === false) {
 throw new APIError(ErrorCode.INVALID_USER_CREDENTIALS, 'Invalid user credentials');
 }
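Review bot: In the second hunk, `bcrypt.compare` is awaited on `user.password` without first checking that a hash is actually stored. For an account whose password column is null or not a string, the promise will most likely reject and surface as a generic error rather than `INVALID_USER_CREDENTIALS`, which makes such accounts distinguishable from outside. Folding the check into the condition keeps the failure path uniform: `if (password !== undefined && (typeof user.password !== 'string' || (await bcrypt.compare(password, user.password)) === false)) {`. Rows stored while the old plaintext comparison was in place will presumably stop matching as well, so a re-hash or forced reset needs to accompany this change. The `password !== undefined` guard still skips verification whenever a caller omits the password, so callers that read it from a request body should reject a missing value before calling `authenticate`, whose body starts and ends outside the hunk.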