
Normalize password derivation.

This commit is contained in:
Andrey Antukh 2020-09-15 14:58:00 +02:00 committed by Alonso Torres
parent 7c068621cf
commit b879860833


@ -107,13 +107,21 @@
:code ::email-already-exists)) :code ::email-already-exists))
params)) params))
(defn- derive-password
[password]
(hashers/derive password {:alg :bcrypt+sha512}))
(defn- verify-password
[attempt password]
(hashers/check attempt password))
(defn- create-profile (defn- create-profile
"Create the profile entry on the database with limited input "Create the profile entry on the database with limited input
filling all the other fields with defaults." filling all the other fields with defaults."
[conn {:keys [id fullname email password demo?] :as params}] [conn {:keys [id fullname email password demo?] :as params}]
(let [id (or id (uuid/next)) (let [id (or id (uuid/next))
demo? (if (boolean? demo?) demo? false) demo? (if (boolean? demo?) demo? false)
paswd (hashers/derive password {:alg :bcrypt+sha512})] paswd (derive-password password)]
(db/insert! conn :profile (db/insert! conn :profile
{:id id {:id id
:fullname fullname :fullname fullname
@ -158,7 +166,7 @@
(when (= (:password profile) "!") (when (= (:password profile) "!")
(ex/raise :type :validation (ex/raise :type :validation
:code ::account-without-password)) :code ::account-without-password))
(hashers/check password (:password profile))) (verify-password password (:password profile)))
(validate-profile [profile] (validate-profile [profile]
(when-not profile (when-not profile
@ -241,7 +249,7 @@
(defn- validate-password! (defn- validate-password!
[conn {:keys [profile-id old-password] :as params}] [conn {:keys [profile-id old-password] :as params}]
(let [profile (profile/retrieve-profile-data conn profile-id)] (let [profile (profile/retrieve-profile-data conn profile-id)]
(when-not (hashers/check old-password (:password profile)) (when-not (verify-password old-password (:password profile))
(ex/raise :type :validation (ex/raise :type :validation
:code ::old-password-not-match)))) :code ::old-password-not-match))))
@ -253,7 +261,7 @@
(db/with-atomic [conn db/pool] (db/with-atomic [conn db/pool]
(validate-password! conn params) (validate-password! conn params)
(db/update! conn :profile (db/update! conn :profile
{:password (hashers/derive password {:alg :bcrypt+sha512})} {:password (derive-password password)}
{:id profile-id}) {:id profile-id})
nil)) nil))
@ -452,7 +460,7 @@
(:profile-id tpayload))) (:profile-id tpayload)))
(update-password [conn profile-id] (update-password [conn profile-id]
(let [pwd (hashers/derive password {:alg :bcrypt+sha512})] (let [pwd (derive-password password)]
(db/update! conn :profile {:password pwd} {:id profile-id}))) (db/update! conn :profile {:password pwd} {:id profile-id})))
(delete-token [conn token] (delete-token [conn token]