Implement admin password hashing with bcrypt (#3754)
* Add bcrypt hashing helpers * SetAdminPassword now hashes the password before saving it * BasicAuth now compares the bcrypt hash for the password * Modify migration2 to avoid a double password hash when upgrading * Add migration for bcrypt hashed password * Do not show admin password hash as initial value * Update api tests to compare the bcrypt hash of the admin password instead * Remove old admin password api tests --------- Co-authored-by: Gabe Kangas <gabek@real-ity.com>
This commit is contained in:
mahmed2000
@@ -1,4 +1,5 @@
|
||||
var request = require('supertest');
|
||||
var bcrypt = require('bcrypt');
|
||||
|
||||
const sendAdminRequest = require('./lib/admin').sendAdminRequest;
|
||||
const failAdminRequest = require('./lib/admin').failAdminRequest;
|
||||
@@ -166,7 +167,9 @@ test('verify default admin configuration', async (done) => {
|
||||
expect(res.body.yp.enabled).toBe(defaultYPConfig.enabled);
|
||||
// expect(res.body.yp.instanceUrl).toBe(defaultYPConfig.instanceUrl);
|
||||
|
||||
expect(res.body.adminPassword).toBe(defaultAdminPassword);
|
||||
bcrypt.compare(defaultAdminPassword, res.body.adminPassword, function (err, result) {
|
||||
expect(result).toBe(true);
|
||||
});
|
||||
|
||||
expect(res.body.s3.enabled).toBe(defaultS3Config.enabled);
|
||||
expect(res.body.s3.forcePathStyle).toBe(defaultS3Config.forcePathStyle);
|
||||
@@ -374,7 +377,9 @@ test('verify admin password change', async (done) => {
|
||||
(adminPassword = newAdminPassword)
|
||||
);
|
||||
|
||||
expect(res.body.adminPassword).toBe(newAdminPassword);
|
||||
bcrypt.compare(newAdminPassword, res.body.adminPassword, function(err, result) {
|
||||
expect(result).toBe(true);
|
||||
});
|
||||
done();
|
||||
});
|
||||
|
||||
@@ -448,7 +453,9 @@ test('verify updated admin configuration', async (done) => {
|
||||
expect(res.body.yp.enabled).toBe(newYPConfig.enabled);
|
||||
// expect(res.body.yp.instanceUrl).toBe(newYPConfig.instanceUrl);
|
||||
|
||||
expect(res.body.adminPassword).toBe(defaultAdminPassword);
|
||||
bcrypt.compare(defaultAdminPassword, res.body.adminPassword, function(err, result) {
|
||||
expect(result).toBe(true);
|
||||
})
|
||||
|
||||
expect(res.body.s3.enabled).toBe(newS3Config.enabled);
|
||||
expect(res.body.s3.endpoint).toBe(newS3Config.endpoint);
|
||||
|
||||
3497
test/automated/api/package-lock.json
generated
3497
test/automated/api/package-lock.json
generated
File diff suppressed because it is too large
Load Diff
@@ -9,12 +9,13 @@
|
||||
"author": "",
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"supertest": "^6.3.2",
|
||||
"websocket": "^1.0.32",
|
||||
"ajv": "^8.11.0",
|
||||
"ajv-draft-04": "^1.0.0",
|
||||
"bcrypt": "^5.1.1",
|
||||
"crypto-random": "^2.0.1",
|
||||
"jsonfile": "^6.1.0",
|
||||
"crypto-random": "^2.0.1"
|
||||
"supertest": "^6.3.2",
|
||||
"websocket": "^1.0.32"
|
||||
},
|
||||
"devDependencies": {
|
||||
"jest": "^29.7.0",
|
||||
|
||||
Reference in New Issue
Block a user