From bcd3c9ee502c17feb03527b091a4e01da342dbbe Mon Sep 17 00:00:00 2001
From: Pranav C
Date: Thu, 16 Jun 2022 17:14:18 +0530
Subject: [PATCH] fix: invalidate token if admin email or password changed

- Invalidate old token if admin email changed in env
- Invalidate token if password updated in env
- Avoid unnecessary update if both email and passwords are same

Signed-off-by: Pranav C
---
 .../lib/meta/api/userApi/initAdminFromEnv.ts | 33 ++++++++++++-------
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts b/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts
index 81885ed12d..5f32fefcee 100644
--- a/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts
+++ b/packages/nocodb/src/lib/meta/api/userApi/initAdminFromEnv.ts
@@ -169,7 +169,8 @@ export default async function initAdminFromEnv(_ncMeta = Noco.ncMeta) {
 salt,
 email,
 password,
- email_verification_token
+ email_verification_token,
+ token_version: null
 },
 ncMeta
 );
@@ -181,22 +182,32 @@ export default async function initAdminFromEnv(_ncMeta = Noco.ncMeta) {
 salt,
 email,
 password,
- email_verification_token
+ email_verification_token,
+ token_version: null
 },
 ncMeta
 );
 }
 } else {
- // if email's are not different update the password and hash
- await User.update(
- superUser.id,
- {
- salt,
- password,
- email_verification_token
- },
- ncMeta
+ const newPasswordHash = await promisify(bcrypt.hash)(
+ process.env.NC_ADMIN_PASSWORD,
+ superUser.hash
 );
+
+ if (newPasswordHash !== superUser.password) {
+ // if email's are same and passwords are different
+ // then update the password and token version
+ await User.update(
+ superUser.id,
+ {
+ salt,
+ password,
+ email_verification_token,
+ token_version: null
+ },
+ ncMeta
+ );
+ }
 }
 }
 await ncMeta.commit();
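Review bot: The `token_version: null` added to the payload in the first hunk has no comment saying what a null version means. The same applies to the identical payload at the top of the second hunk and to the new password-change branch. Clearing the field only revokes outstanding JWTs if the verification path rejects a token whenever the stored `token_version` is null or differs from the one in the token; that code is not part of this patch, so it should be confirmed before relying on this as invalidation. I would add above each occurrence `// clear token_version so JWTs issued under the previous admin email/password no longer verify`. The call that receives this payload starts outside the hunk.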
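Review bot: `superUser.hash` in the new `promisify(bcrypt.hash)(...)` call of the second hunk looks like the wrong field. Every write in this patch stores the bcrypt salt under `salt` and the digest under `password`, and nothing visible sets a `hash` property. If `hash` is undefined on the loaded user, the re-hash would presumably throw or never equal `superUser.password`, so an unchanged password would either abort admin initialisation or rewrite the row and reset `token_version` on every start. Re-hash with the stored salt, `superUser.salt`, or skip the re-hash and test the env value directly with `await promisify(bcrypt.compare)(process.env.NC_ADMIN_PASSWORD, superUser.password)`. The enclosing `if` and the rest of `initAdminFromEnv` start outside the hunk.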