supernets/hardlounge
supernets/hardlounge
4
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Only update bcrypt password rounds if the password actually matches

Browse Source
This commit is contained in:
Pavel Djundik 2017-06-02 11:02:03 +03:00 committed by GitHub
parent 1f1b025b81
commit b46f92c7d8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/server.js
View File

@ -287,7 +287,7 @@ function localAuth(client, user, password, callback) {
Helper.password Helper.password
.compare(password, client.config.password) .compare(password, client.config.password)
.then(matching => { .then(matching => {
if (Helper.password.requiresUpdate(client.config.password)) { if (matching && Helper.password.requiresUpdate(client.config.password)) {
const hash = Helper.password.hash(password); const hash = Helper.password.hash(password);
client.setPassword(hash, success => { client.setPassword(hash, success => {