Fix: validatePassword function logic [Fixes 14174 ] (#14183)
Updated the `validatePassword` function as mentioned in #14174 (comment)

Also fixed the password validation logic in the `signIn` function.

Fixes: #14174
darshkpatel authored Jun 15, 2020
1 parent 66778c7 commit d68afed
Showing 2 changed files with 4 additions and 5 deletions.
@@ -27,7 +27,7 @@ export const resolvers = {
async signIn(_parent, args, context, _info) {
const user = await findUser({ email: args.input.email })

if (user && validatePassword(user, args.input.password)) {
if (user && (await validatePassword(user, args.input.password))) {
const session = {
id: user.id,
email: user.email,
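Review bot: With `user && (await validatePassword(user, args.input.password))` the key derivation runs only when `findUser` returned a user, so a sign-in attempt for an unknown email does less work than one for a known email with a wrong password, and the response-time difference can reveal which addresses are registered. Since this is an example that people copy, consider a comment above the condition such as `// NOTE: unknown emails skip the PBKDF2 work; equalise the cost or rate-limit sign-in before production use`. The rest of `signIn`, including how the failure branch responds, is outside this hunk, so whether the error message also distinguishes the two cases cannot be judged from here.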
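--- a/examples/api-routes-apollo-server-and-client-auth/lib/user.js
+++ b/examples/api-routes-apollo-server-and-client-auth/lib/user.js
@@ -38,10 +38,9 @@ export async function findUser({ email }) {
 // Compare the password of an already fetched user (using `findUser`) and compare the
 // password for a potential match
 export async function validatePassword(user, inputPassword) {
-const password = crypto
-.pbkdf2Sync(user.hash, user.salt, 1000, 64, 'sha512')
+const inputHash = crypto
+.pbkdf2Sync(inputPassword, user.salt, 1000, 64, 'sha512')
 .toString('hex')
-const passwordsMatch = password === inputPassword
-
+const passwordsMatch = user.hash === inputHash
 return passwordsMatch
 }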
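Review bot: The new comparison `user.hash === inputHash` is ordinary string equality, which is not constant-time; `crypto` is already used in this function, so the digests can be compared as buffers instead, e.g. drop `.toString('hex')` and `return crypto.timingSafeEqual(Buffer.from(user.hash, 'hex'), inputHash)`, guarded by a length check because `timingSafeEqual` throws on unequal lengths. The unchanged parameters deserve attention too: 1000 PBKDF2 iterations is far below current guidance for PBKDF2-HMAC-SHA512, and raising it would have to be mirrored wherever the stored hash is created, which is outside this hunk. A comment above the function such as `// user.hash is the hex PBKDF2 digest stored at sign-up; salt, iteration count, key length and digest here must match the ones used to create it` would make that coupling explicit.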
