Merge 4d666f8280 into 443d5cf554

2025-06-19 10:46:48 +02:00 · 2025-06-17 18:26:33 +02:00 · 2025-06-17 18:26:33 +02:00 · ee8ea87a48
commit ee8ea87a48
parent 443d5cf554 4d666f8280
6 changed files with 8 additions and 8 deletions
--- a/server/auth.js
+++ b/server/auth.js
@ -26,7 +26,7 @@ exports.login = async function (username, password) {
        // Upgrade the hash to bcrypt
        if (passwordHash.needRehash(user.password)) {
            await R.exec("UPDATE `user` SET password = ? WHERE id = ? ", [
-                passwordHash.generate(password),
+                await passwordHash.generate(password),
                user.id,
            ]);
        }
--- a/server/model/user.js
+++ b/server/model/user.js
@ -14,7 +14,7 @@ class User extends BeanModel {
     */
    static async resetPassword(userID, newPassword) {
        await R.exec("UPDATE `user` SET password = ? WHERE id = ? ", [
-            passwordHash.generate(newPassword),
+            await passwordHash.generate(newPassword),
            userID
        ]);
    }
@ -25,7 +25,7 @@ class User extends BeanModel {
     * @returns {Promise<void>}
     */
    async resetPassword(newPassword) {
-        const hashedPassword = passwordHash.generate(newPassword);
+        const hashedPassword = await passwordHash.generate(newPassword);

        await R.exec("UPDATE `user` SET password = ? WHERE id = ? ", [
            hashedPassword,
--- a/server/password-hash.js
+++ b/server/password-hash.js
@ -5,10 +5,10 @@ const saltRounds = 10;
 /**
 * Hash a password
 * @param {string} password Password to hash
- * @returns {string} Hash
+ * @returns {Promise<string>} Hash
 */
 exports.generate = function (password) {
-    return bcrypt.hashSync(password, saltRounds);
+    return bcrypt.hash(password, saltRounds);
 };

 /**
--- a/server/server.js
+++ b/server/server.js
@ -674,7 +674,7 @@ let needSetup = false;

                let user = R.dispense("user");
                user.username = username;
-                user.password = passwordHash.generate(password);
+                user.password = await passwordHash.generate(password);
                await R.store(user);

                needSetup = false;
--- a/server/socket-handlers/api-key-socket-handler.js
+++ b/server/socket-handlers/api-key-socket-handler.js
@ -20,7 +20,7 @@ module.exports.apiKeySocketHandler = (socket) => {
            checkLogin(socket);

            let clearKey = nanoid(40);
-            let hashedKey = passwordHash.generate(clearKey);
+            let hashedKey = await passwordHash.generate(clearKey);
            key["key"] = hashedKey;
            let bean = await APIKey.save(key, socket.userID);

--- a/server/util-server.js
+++ b/server/util-server.js
@ -51,7 +51,7 @@ exports.initJWTSecret = async () => {
        jwtSecretBean.key = "jwtSecret";
    }

-    jwtSecretBean.value = passwordHash.generate(genSecret());
+    jwtSecretBean.value = await passwordHash.generate(genSecret());
    await R.store(jwtSecretBean);
    return jwtSecretBean;
 };