Use brcrypt.compare for password validation instead of compareSync (#…

…7612) Signed-off-by: Vinit Sarvade <vinit.sarvade.08@gmail.com>
strapi · Sep 1, 2020 · dcd5254 · dcd5254 · mattf96s · Dec 9, 2020
1 parent 77be3ea
commit dcd5254
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 7 deletions.
diff --git a/packages/strapi-plugin-documentation/config/policies/index.js b/packages/strapi-plugin-documentation/config/policies/index.js
@@ -17,7 +17,7 @@ module.exports = async (ctx, next) => {
       `${strapi.config.server.url}${strapi.plugins.documentation.config['x-strapi-config'].path}/login${querystring}`
     );
   }
-  const isValid = strapi.plugins['users-permissions'].services.user.validatePassword(
+  const isValid = await strapi.plugins['users-permissions'].services.user.validatePassword(
     ctx.session.documentation,
     config.password
   );

diff --git a/packages/strapi-plugin-documentation/controllers/Documentation.js b/packages/strapi-plugin-documentation/controllers/Documentation.js
@@ -158,7 +158,7 @@ module.exports = {
       })
       .get();
 
-    const isValid = strapi.plugins['users-permissions'].services.user.validatePassword(
+    const isValid = await strapi.plugins['users-permissions'].services.user.validatePassword(
       password,
       storedPassword
     );

diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js
@@ -115,10 +115,9 @@ module.exports = {
         );
       }
 
-      const validPassword = strapi.plugins['users-permissions'].services.user.validatePassword(
-        params.password,
-        user.password
-      );
+      const validPassword = await strapi.plugins[
+        'users-permissions'
+      ].services.user.validatePassword(params.password, user.password);
 
       if (!validPassword) {
         return ctx.badRequest(

diff --git a/packages/strapi-plugin-users-permissions/services/User.js b/packages/strapi-plugin-users-permissions/services/User.js
@@ -114,6 +114,6 @@ module.exports = {
   },
 
   validatePassword(password, hash) {
-    return bcrypt.compareSync(password, hash);
+    return bcrypt.compare(password, hash);
   },
 };