LogalDeveloper/owncast
0
Fork 0
Code Activity

Implement admin password hashing with bcrypt (#3754)

Browse Source 
* Add bcrypt hashing helpers

* SetAdminPassword now hashes the password before saving it

* BasicAuth now compares the bcrypt hash for the password

* Modify migration2 to avoid a double password hash when upgrading

* Add migration for bcrypt hashed password

* Do not show admin password hash as initial value

* Update api tests to compare the bcrypt hash of the admin password instead

* Remove old admin password api tests

---------

Co-authored-by: Gabe Kangas <gabek@real-ity.com>
This commit is contained in:
mahmed2000
2024-06-27 09:20:22 +05:00
committed by GitHub
parent 51cd16dcc1
commit a7e5f20337
8 changed files with 497 additions and 3061 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
test/automated/api/009_configmanagement.test.js
View File

@@ -1,4 +1,5 @@
var request = require('supertest');
var bcrypt = require('bcrypt');
const sendAdminRequest = require('./lib/admin').sendAdminRequest;
const failAdminRequest = require('./lib/admin').failAdminRequest;
@@ -166,7 +167,9 @@ test('verify default admin configuration', async (done) => {
expect(res.body.yp.enabled).toBe(defaultYPConfig.enabled);
// expect(res.body.yp.instanceUrl).toBe(defaultYPConfig.instanceUrl);
expect(res.body.adminPassword).toBe(defaultAdminPassword);
bcrypt.compare(defaultAdminPassword, res.body.adminPassword, function (err, result) {
expect(result).toBe(true);
});
expect(res.body.s3.enabled).toBe(defaultS3Config.enabled);
expect(res.body.s3.forcePathStyle).toBe(defaultS3Config.forcePathStyle);
@@ -374,7 +377,9 @@ test('verify admin password change', async (done) => {
(adminPassword = newAdminPassword)
);
expect(res.body.adminPassword).toBe(newAdminPassword);
bcrypt.compare(newAdminPassword, res.body.adminPassword, function(err, result) {
expect(result).toBe(true);
});
done();
});
@@ -448,7 +453,9 @@ test('verify updated admin configuration', async (done) => {
expect(res.body.yp.enabled).toBe(newYPConfig.enabled);
// expect(res.body.yp.instanceUrl).toBe(newYPConfig.instanceUrl);
expect(res.body.adminPassword).toBe(defaultAdminPassword);
bcrypt.compare(defaultAdminPassword, res.body.adminPassword, function(err, result) {
expect(result).toBe(true);
})
expect(res.body.s3.enabled).toBe(newS3Config.enabled);
expect(res.body.s3.endpoint).toBe(newS3Config.endpoint);