
fix(core): forgot password on the first access of migrated users (#6642)

Update packages/core/src/routes/interaction/verifications/profile-verification.ts

Co-authored-by: wangsijie <sijiewg@gmail.com>

fixing code duplication

fixing eslint

fix(core): changing the mock response
Geison Goulart Piegas 2024-10-10 23:12:19 -03:00 committed by GitHub
parent 026f7e48bc
commit a662b19db3
2 changed files with 13 additions and 4 deletions


@ -1,4 +1,4 @@
import { InteractionEvent } from '@logto/schemas';
import { InteractionEvent, UsersPasswordEncryptionMethod } from '@logto/schemas';
import { createMockUtils, pickDefault } from '@logto/shared/esm';
import RequestError from '#src/errors/RequestError/index.js';
@ -9,7 +9,11 @@ import type { Identifier } from '../types/index.js';
const { jest } = import.meta;
const { mockEsm } = createMockUtils(jest);
const findUserById = jest.fn().mockResolvedValue({ id: 'foo', passwordEncrypted: 'passwordHash' });
const findUserById = jest.fn().mockResolvedValue({
id: 'foo',
passwordEncrypted: 'passwordHash',
passwordEncryptionMethod: UsersPasswordEncryptionMethod.Argon2i,
});
const tenantContext = new MockTenant(undefined, { users: { findUserById } });
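Review bot: The updated findUserById mock pins passwordEncryptionMethod to Argon2i, so it only exercises the path that already worked; the branch this commit introduces, where a user with a non-Argon2i passwordEncryptionMethod skips the same-password comparison, has no case in this hunk. A second case that resolves findUserById with a non-Argon2i value of UsersPasswordEncryptionMethod and asserts that verifyProfile accepts a password equal to the stored one would catch a regression where argon2Verify is again called on a legacy hash. The test cases themselves are outside the hunk, so I cannot tell from here whether such a case exists elsewhere in the file.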


@ -1,5 +1,5 @@
import type { Profile, User } from '@logto/schemas';
import { InteractionEvent } from '@logto/schemas';
import { InteractionEvent, UsersPasswordEncryptionMethod } from '@logto/schemas';
import { argon2Verify } from 'hash-wasm';
import RequestError from '#src/errors/RequestError/index.js';
@ -192,10 +192,15 @@ export default async function verifyProfile(
const passwordProfile = passwordProfileResult.data;
const { passwordEncrypted: oldPasswordEncrypted } = await findUserById(accountId);
const { passwordEncrypted: oldPasswordEncrypted, passwordEncryptionMethod } = await findUserById(
accountId
);
// Only compare password if the encryption method (algorithm) is Argon2i
// if the user is migrated, this check will be skipped
assertThat(
!oldPasswordEncrypted ||
passwordEncryptionMethod !== UsersPasswordEncryptionMethod.Argon2i ||
!(await argon2Verify({ password: passwordProfile.password, hash: oldPasswordEncrypted })),
new RequestError({ code: 'user.same_password', status: 422 })
);
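Review bot: The new disjunct `passwordEncryptionMethod !== UsersPasswordEncryptionMethod.Argon2i` means a migrated user's first password reset can silently reuse the old password, and the two comment lines above the assert do not state that consequence; a reader will assume same-password rejection still applies to every account. I would reword them to `// Migrated users carry a legacy (non-Argon2i) hash that argon2Verify cannot check, so the same-password rule cannot be enforced for them here.` If a verifier for the legacy encryption methods already exists in the codebase, calling it in this branch instead of skipping would keep the rule uniform, but I cannot see that from the hunk. Whether the stored hash is re-encrypted with Argon2i after this reset, so that the rule applies from the second reset on, is also outside the hunk. verifyProfile starts and ends outside the hunk.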