fix(core): forgot password on the first access of migrated users (#6642)
Update packages/core/src/routes/interaction/verifications/profile-verification.ts Co-authored-by: wangsijie <sijiewg@gmail.com> fixing code duplication fixing eslint fix(core): changing the mock response
This commit is contained in:
parent
026f7e48bc
commit
a662b19db3
2 changed files with 13 additions and 4 deletions
|
@ -1,4 +1,4 @@
|
|||
import { InteractionEvent } from '@logto/schemas';
|
||||
import { InteractionEvent, UsersPasswordEncryptionMethod } from '@logto/schemas';
|
||||
import { createMockUtils, pickDefault } from '@logto/shared/esm';
|
||||
|
||||
import RequestError from '#src/errors/RequestError/index.js';
|
||||
|
@ -9,7 +9,11 @@ import type { Identifier } from '../types/index.js';
|
|||
const { jest } = import.meta;
|
||||
const { mockEsm } = createMockUtils(jest);
|
||||
|
||||
const findUserById = jest.fn().mockResolvedValue({ id: 'foo', passwordEncrypted: 'passwordHash' });
|
||||
const findUserById = jest.fn().mockResolvedValue({
|
||||
id: 'foo',
|
||||
passwordEncrypted: 'passwordHash',
|
||||
passwordEncryptionMethod: UsersPasswordEncryptionMethod.Argon2i,
|
||||
});
|
||||
|
||||
const tenantContext = new MockTenant(undefined, { users: { findUserById } });
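Review bot: The extended mock pins passwordEncryptionMethod to Argon2i, so the suite still exercises only the branch in which the same-password comparison actually runs; the migrated-user case named in the commit title, where the stored hash uses another method and argon2Verify must not be reached, gets no coverage from this hunk. A second case that overrides findUserById with a user whose passwordEncryptionMethod is a different member of UsersPasswordEncryptionMethod and asserts that verifyProfile neither raises user.same_password nor calls argon2Verify would pin the fix. The test cases that consume this mock lie outside the hunk, so I cannot tell whether one already exists further down.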
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
import type { Profile, User } from '@logto/schemas';
|
||||
import { InteractionEvent } from '@logto/schemas';
|
||||
import { InteractionEvent, UsersPasswordEncryptionMethod } from '@logto/schemas';
|
||||
import { argon2Verify } from 'hash-wasm';
|
||||
|
||||
import RequestError from '#src/errors/RequestError/index.js';
|
||||
|
@ -192,10 +192,15 @@ export default async function verifyProfile(
|
|||
|
||||
const passwordProfile = passwordProfileResult.data;
|
||||
|
||||
const { passwordEncrypted: oldPasswordEncrypted } = await findUserById(accountId);
|
||||
const { passwordEncrypted: oldPasswordEncrypted, passwordEncryptionMethod } = await findUserById(
|
||||
accountId
|
||||
);
|
||||
|
||||
// Only compare password if the encryption method (algorithm) is Argon2i
|
||||
// if the user is migrated, this check will be skipped
|
||||
assertThat(
|
||||
!oldPasswordEncrypted ||
|
||||
passwordEncryptionMethod !== UsersPasswordEncryptionMethod.Argon2i ||
|
||||
!(await argon2Verify({ password: passwordProfile.password, hash: oldPasswordEncrypted })),
|
||||
new RequestError({ code: 'user.same_password', status: 422 })
|
||||
);
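Review bot: The new `passwordEncryptionMethod !== UsersPasswordEncryptionMethod.Argon2i` clause disables the same-password guard entirely for any user whose stored hash is not Argon2i, which is the intended effect for migrated users but is worth stating explicitly next to the assertion, since the two comment lines above it only say the check "will be skipped" and not what is given up. I would replace them with `// Migrated users carry a hash that argon2Verify cannot check, so the same-password guard is skipped for them; password reuse is therefore not detected on that first reset.` If core already has a method-aware verifier for legacy hashes (the sign-in path must accept them for migrated users to log in at all), calling it here instead of skipping would keep the reuse guard; whether such a helper exists is not visible from this hunk. verifyProfile starts and ends outside the hunk, so I cannot confirm from here that the new hash is persisted as Argon2i afterwards, which is what makes the skip a one-time gap rather than a permanent one.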
|
||||
|
|