Skip to content

Commit

Permalink
fix(security): skip cache when checking old passwd
Browse files Browse the repository at this point in the history
  • Loading branch information
@KernelDeimos
KernelDeimos committed Apr 25, 2024
1 parent 25eea41 commit 7800ef6
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 13 deletions.
24 changes: 13 additions & 11 deletions packages/backend/src/helpers.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -184,7 +184,7 @@ async function id2uuid(id){

const cached = options.cached ?? true;

if ( cached ) {
if ( cached && ! options.force ) {
if (options.username) user = kv.get('users:username:' + options.username);
else if (options.email) user = kv.get('users:email:' + options.email);
else if (options.uuid) user = kv.get('users:uuid:' + options.uuid);
Expand All @@ -194,16 +194,18 @@ async function id2uuid(id){
if ( user ) return user;
}

if(options.username)
user = await db.read("SELECT * FROM `user` WHERE `username` = ? LIMIT 1", [options.username]);
else if(options.email)
user = await db.read("SELECT * FROM `user` WHERE `email` = ? LIMIT 1", [options.email]);
else if(options.uuid)
user = await db.read("SELECT * FROM `user` WHERE `uuid` = ? LIMIT 1", [options.uuid]);
else if(options.id)
user = await db.read("SELECT * FROM `user` WHERE `id` = ? LIMIT 1", [options.id]);
else if(options.referral_code)
user = await db.read("SELECT * FROM `user` WHERE `referral_code` = ? LIMIT 1", [options.referral_code]);
if ( ! options.force ) {
if(options.username)
user = await db.read("SELECT * FROM `user` WHERE `username` = ? LIMIT 1", [options.username]);
else if(options.email)
user = await db.read("SELECT * FROM `user` WHERE `email` = ? LIMIT 1", [options.email]);
else if(options.uuid)
user = await db.read("SELECT * FROM `user` WHERE `uuid` = ? LIMIT 1", [options.uuid]);
else if(options.id)
user = await db.read("SELECT * FROM `user` WHERE `id` = ? LIMIT 1", [options.id]);
else if(options.referral_code)
user = await db.read("SELECT * FROM `user` WHERE `referral_code` = ? LIMIT 1", [options.referral_code]);
}

if(!user || !user[0]){
if(options.username)
Expand Down
5 changes: 3 additions & 2 deletions packages/backend/src/routers/passwd.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
*/
"use strict"
const express = require('express');
const { invalidate_cached_user } = require('../helpers');
const { invalidate_cached_user, get_user } = require('../helpers');
const router = new express.Router();
const auth = require('../middleware/auth.js');
const { DB_WRITE } = require('../services/database/consts');
Expand Down Expand Up @@ -51,8 +51,9 @@ router.post('/passwd', auth, express.json(), async (req, res, next)=>{
}

try{
const user = await get_user({ id: req.user.id, force: true });
// check old_pass
const isMatch = await bcrypt.compare(req.body.old_pass, req.user.password)
const isMatch = await bcrypt.compare(req.body.old_pass, user.password)
if(!isMatch)
return res.status(400).send('old_pass does not match your current password.')
// check new_pass length
Expand Down

0 comments on commit 7800ef6

Please sign in to comment.