mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-16 16:14:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

private: fixed token generation bugs

Browse source 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
Philip Molares 2021-01-17 19:52:08 +01:00 committed by David Mehren
parent c232707a89
commit 97f7128355
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
1 changed files with 8 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/users/users.service.ts
View file

@ -39,19 +39,24 @@ export class UsersService {
): Promise<AuthToken> { ): Promise<AuthToken> {
const user = await this.getUserByUsername(userName); const user = await this.getUserByUsername(userName);
let accessToken = ''; let accessToken = '';
let randomString = '';
for (let i = 0; i < 100; i++) { for (let i = 0; i < 100; i++) {
try { try {
const randomString = crypt.randomBytes(64).toString(); randomString = crypt.randomBytes(64).toString("base64");
accessToken = await this.hashPassword(randomString); accessToken = await this.hashPassword(randomString);
await this.getUserByAuthToken(accessToken); await this.getUserByAuthToken(accessToken);
} catch (NotInDBError) { } catch (NotInDBError) {
const token = AuthToken.create(user, identifier, accessToken); const token = AuthToken.create(user, identifier, accessToken);
return this.authTokenRepository.save(token); const createdToken = this.authTokenRepository.save(token);
return {
accessToken: randomString,
...createdToken
}
} }
} }
// This should never happen // This should never happen
throw new RandomnessError( throw new RandomnessError(
'You machine is not able to generate not-in-use tokens. This should never happen.', 'Your machine is not able to generate not-in-use tokens. This should never happen.',
); );
} }