github/directus
1
1
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-04-25 03:00:53 -04:00
Code Issues Packages Projects Releases Wiki Activity

Only check existense of user password when using password auth

Browse Source 
Fixes #3831
This commit is contained in:
rijkvanzanten
2021-01-28 11:52:59 -05:00
parent 52948bcbce
commit 5632bd0ea7
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
api/src/services/authentication.ts
View File

@@ -46,12 +46,14 @@ export class AuthenticationService {
throw new InvalidCredentialsException();
}
if (!password || !user.password) {
throw new InvalidCredentialsException();
}
if (password !== undefined) {
if (!user.password) {
throw new InvalidCredentialsException();
}
if (password !== undefined && (await argon2.verify(user.password, password)) === false) {
throw new InvalidCredentialsException();
if ((await argon2.verify(user.password, password)) === false) {
throw new InvalidCredentialsException();
}
}
if (user.tfa_secret && !otp) {