Switch to parseInt; Use safer method of extracting rounds

Hugh Willson
2017-10-19 07:41:12 -04:00
committed by Ben Newman
parent 6af071b417
commit 1687537f6e


@@ -53,8 +53,16 @@ var hashPassword = function (password) {
};
// Extract the number of rounds used in the specified bcrypt hash.
const getRoundsFromBcryptHash =
hash => hash ? Number(hash.substring(4, 6)) : null;
const getRoundsFromBcryptHash = hash => {
let rounds;
if (hash) {
const hashSegments = hash.split('$');
if (hashSegments.length > 2) {
rounds = parseInt(hashSegments[2], 10);
}
}
return rounds;
};
// Check whether the provided password matches the bcrypt'ed password in
// the database user record. `password` can be a string (in which case
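Review bot: The new `getRoundsFromBcryptHash` trusts whatever sits in `hashSegments[2]`: `parseInt` yields `NaN` for a non-numeric cost field and silently accepts trailing characters (`'10x'` parses as 10), so a malformed or truncated stored hash yields a rounds value rather than a clear "unknown". Guarding the parse, e.g. `if (/^\d+$/.test(hashSegments[2])) { rounds = parseInt(hashSegments[2], 10); }`, keeps the result to either an integer or `undefined`. The no-hash result also changes from `null` to `undefined`; the callers are outside this hunk, so it is worth confirming that none of them test `=== null`. The comment above the function could state that contract: `// Returns the integer cost factor, or undefined when the hash is missing or malformed.`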