diff --git a/server/auth.js b/server/auth.js index 597cf3d75..a4aed50b8 100644 --- a/server/auth.js +++ b/server/auth.js @@ -26,7 +26,7 @@ exports.login = async function (username, password) { // Upgrade the hash to bcrypt if (passwordHash.needRehash(user.password)) { await R.exec("UPDATE `user` SET password = ? WHERE id = ? ", [ - passwordHash.generate(password), + await passwordHash.generate(password), user.id, ]); } diff --git a/server/model/user.js b/server/model/user.js index 329402ff5..33277d485 100644 --- a/server/model/user.js +++ b/server/model/user.js @@ -14,7 +14,7 @@ class User extends BeanModel { */ static async resetPassword(userID, newPassword) { await R.exec("UPDATE `user` SET password = ? WHERE id = ? ", [ - passwordHash.generate(newPassword), + await passwordHash.generate(newPassword), userID ]); } @@ -25,7 +25,7 @@ class User extends BeanModel { * @returns {Promise} */ async resetPassword(newPassword) { - const hashedPassword = passwordHash.generate(newPassword); + const hashedPassword = await passwordHash.generate(newPassword); await R.exec("UPDATE `user` SET password = ? WHERE id = ? ", [ hashedPassword, diff --git a/server/password-hash.js b/server/password-hash.js index 83a23d9e6..19aec193b 100644 --- a/server/password-hash.js +++ b/server/password-hash.js @@ -5,10 +5,10 @@ const saltRounds = 10; /** * Hash a password * @param {string} password Password to hash - * @returns {string} Hash + * @returns {Promise} Hash */ exports.generate = function (password) { - return bcrypt.hashSync(password, saltRounds); + return bcrypt.hash(password, saltRounds); }; /** diff --git a/server/server.js b/server/server.js index e328ff470..5b2f41a2e 100644 --- a/server/server.js +++ b/server/server.js @@ -674,7 +674,7 @@ let needSetup = false; let user = R.dispense("user"); user.username = username; - user.password = passwordHash.generate(password); + user.password = await passwordHash.generate(password); await R.store(user); needSetup = false; diff --git a/server/socket-handlers/api-key-socket-handler.js b/server/socket-handlers/api-key-socket-handler.js index f76b90991..d88151294 100644 --- a/server/socket-handlers/api-key-socket-handler.js +++ b/server/socket-handlers/api-key-socket-handler.js @@ -20,7 +20,7 @@ module.exports.apiKeySocketHandler = (socket) => { checkLogin(socket); let clearKey = nanoid(40); - let hashedKey = passwordHash.generate(clearKey); + let hashedKey = await passwordHash.generate(clearKey); key["key"] = hashedKey; let bean = await APIKey.save(key, socket.userID); diff --git a/server/util-server.js b/server/util-server.js index 08df728ed..4cc833330 100644 --- a/server/util-server.js +++ b/server/util-server.js @@ -51,7 +51,7 @@ exports.initJWTSecret = async () => { jwtSecretBean.key = "jwtSecret"; } - jwtSecretBean.value = passwordHash.generate(genSecret()); + jwtSecretBean.value = await passwordHash.generate(genSecret()); await R.store(jwtSecretBean); return jwtSecretBean; };