Browse Source

fix(nocodb): prevent from hashing a null salt

pull/5043/head
Wing-Kam Wong 2 years ago
parent
commit
83eed319d8
  1. 7
      packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts
  2. 6
      packages/nocodb/src/lib/v1-legacy/gql/GqlAuthResolver.ts
  3. 5
      packages/nocodb/src/lib/v1-legacy/rest/RestAuthCtrl.ts

7
packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts

@ -207,6 +207,13 @@ export function initStrategies(router): void {
if (!user) { if (!user) {
return done({ msg: `Email ${email} is not registered!` }); return done({ msg: `Email ${email} is not registered!` });
} }
if (!user.salt) {
return done({
msg: `Please sign up with the invite token first!`,
});
}
const hashedPassword = await promisify(bcrypt.hash)( const hashedPassword = await promisify(bcrypt.hash)(
password, password,
user.salt user.salt

6
packages/nocodb/src/lib/v1-legacy/gql/GqlAuthResolver.ts

@ -162,7 +162,11 @@ export default class GqlAuthResolver {
if (!user) { if (!user) {
return done({ msg: `Email ${email} is not registered!` }); return done({ msg: `Email ${email} is not registered!` });
} }
if (!user.salt) {
return done({
msg: `Please sign up with the invite token first!`,
});
}
const hashedPassword = await promisify(bcrypt.hash)( const hashedPassword = await promisify(bcrypt.hash)(
password, password,
user.salt user.salt

5
packages/nocodb/src/lib/v1-legacy/rest/RestAuthCtrl.ts

@ -334,6 +334,11 @@ export default class RestAuthCtrl {
if (!user) { if (!user) {
return done({ msg: `Email ${email} is not registered!` }); return done({ msg: `Email ${email} is not registered!` });
} }
if (!user.salt) {
return done({
msg: `Please sign up with the invite token first!`,
});
}
const hashedPassword = await promisify(bcrypt.hash)( const hashedPassword = await promisify(bcrypt.hash)(
password, password,
user.salt user.salt

Loading…
Cancel
Save