// Look up the account by the supplied username, then check the supplied
// password against the stored Argon2 hash. Results are reported through `callback`.
// NOTE(review): `callback` is invoked with four different argument shapes below
// ((null, err), (null, user), (match, isAdmin), (null, match, false)); its
// contract is not visible here, so confirm that callers cannot mistake an
// error object in the second position for a successful result.
this.db.findOne({username: credentials.username}).exec((err, user) => {
if (err) {
return callback(null, err);
}
// Username not found.
// NOTE(review): this path returns before argon2.verify runs, so an unknown
// username is answered faster than a known one with a wrong password. That
// timing difference can reveal which accounts exist; verifying against a
// fixed placeholder hash on this path would even it out.
if (user == null) {
return callback(null, user);
}
argon2
// Stored hash first, candidate password second.
.verify(user.password, credentials.password)
.then(argon2Match => {
if (argon2Match) {
// Password matched: report the match together with the account's admin flag.
return callback(argon2Match, user.isAdmin);
}
// Password did not match.
callback(null, argon2Match, false);
})
// A rejected verification is handed to the callback in the second position,
// the same position used for lookup errors above.
.catch(error => callback(null, error));
});
}
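/**
 * Checks a candidate password against a stored Argon2 hash.
 *
 * The verification always runs, even when no hash is stored, so that a
 * missing account costs roughly the same time as a wrong password. The
 * outcome of verifying against the placeholder is discarded: without a stored
 * hash the result is always `false`.
 *
 * @param storedHash - Argon2 hash loaded for the account; may be empty or
 *   undefined when no account was found.
 * @param incomingPassword - Password supplied by the client.
 * @returns Promise resolving to `true` only when a stored hash exists and
 *   matches the supplied password.
 */
export const verifyPassword = async (storedHash, incomingPassword) => {
  // Always run password validation to impede side channel attacks
  // (presumably `dummyPassword` holds a well-formed Argon2 hash; confirm where it is defined).
  const matched = await argon.verify(
    storedHash || dummyPassword,
    incomingPassword,
  );

  // A match against the placeholder must never authenticate anyone, so the
  // result only counts when a real stored hash was checked.
  return Boolean(storedHash) && matched;
};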
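/**
 * Verifies a plaintext password against an Argon2 hash.
 *
 * Fails closed: any error raised by the verification (for example a hash
 * string that cannot be parsed) is logged and reported as a non-match.
 *
 * @param plaintext - Candidate password supplied by the caller.
 * @param hash - Stored Argon2 hash to check against.
 * @returns `true` when the password matches the hash, otherwise `false`.
 */
export async function compare(
  plaintext: string,
  hash: string,
): Promise<boolean> {
  try {
    // `await` must stay inside the try block so a rejected verification is
    // caught here instead of escaping to the caller.
    return await argon2.verify(hash, plaintext)
  } catch (e) {
    console.error(e)
    return false
  }
}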
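/**
 * Authenticates a user by username and password.
 *
 * Loads the user record from the users sync map and verifies the password
 * against the stored Argon2 hash. Every failure (lookup error, missing or
 * malformed record, verification error, wrong password) yields `null`, so
 * the function fails closed instead of rejecting.
 *
 * @param username - Account name; escaped before it is used as the item key.
 * @param password - Candidate password supplied by the client.
 * @returns `{ role, username }` on success, otherwise `null`.
 */
async function authenticateUser(username, password) {
  let item;
  try {
    item = await sync
      .syncMaps(DB_NAMES.USERS)
      .syncMapItems(escape(username))
      .fetch();
  } catch (err) {
    // NOTE(review): presumably an unknown username makes fetch() reject. This
    // path returns without hashing, so it answers faster than a wrong
    // password and can reveal which accounts exist; confirm and consider
    // verifying against a placeholder hash here.
    console.error(err);
    return null;
  }

  let userData;
  try {
    userData = item.data;
    // Stored hash first, candidate password second. A missing record or a
    // hash that cannot be parsed throws and is treated as a failed login.
    const passwordIsCorrect = await argon2.verify(userData.hash, password);
    if (!passwordIsCorrect) {
      return null;
    }
  } catch (err) {
    console.error(err);
    return null;
  }

  return { role: userData.role, username };
}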
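/**
 * Verifies a candidate password against the Argon2 hash stored on the user.
 *
 * @param user - User record whose `hashedPassword` is checked.
 * @param password - Candidate password supplied by the client.
 * @returns Promise resolving to `true` when the password matches. The promise
 *   rejects if the verification itself fails, so callers should treat a
 *   rejection as a failed login.
 */
public authenticate(user: TUser, password: string): Promise<boolean> {
  // Stored hash first, candidate password second.
  return argon2.verify(user.hashedPassword, password);
}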
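/**
 * Verifies a plaintext password against an Argon2 hash.
 *
 * @param plain - Candidate password supplied by the caller.
 * @param hash - Stored Argon2 hash to check against.
 * @returns Promise resolving to `true` when the password matches. Errors from
 *   the verification are not caught here and reject the promise; callers
 *   should treat a rejection as a failed check.
 */
public async compare(plain: string, hash: string): Promise<boolean> {
  // Stored hash first, candidate password second.
  return await argon2.verify(hash, plain);
}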
/**
 * Verifies a password against a stored Argon2 hash.
 *
 * @param passwordHash - Stored Argon2 hash.
 * @param password - Candidate password to check.
 * @returns Promise resolving to the verification result; a failure inside
 *   the verification rejects the promise.
 */
async verifyPasswordHash({ passwordHash, password }) {
  // Stored hash first, candidate password second.
  const isMatch = await argon2.verify(passwordHash, password);
  return isMatch;
}
}
/**
 * Verifies a candidate password against this instance's stored Argon2 hash.
 *
 * The value from `getPasswordSalt()` is appended to the candidate before
 * verification, so the same suffix must have been appended when the hash
 * was created.
 * NOTE(review): this looks like an application-wide secret suffix (a pepper)
 * rather than a per-user salt; confirm where it is stored and how it would
 * be rotated.
 *
 * @param password - Candidate password supplied by the client.
 * @returns The promise returned by `argon2.verify`.
 */
public authenticate(password: string) {
  const candidate = password + getPasswordSalt();
  return argon2.verify(this.hashedPassword, candidate);
}
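/**
 * Logs a user in with e-mail and password and issues a JWT.
 *
 * Looks the user up by e-mail, verifies the supplied password against the
 * stored Argon2 hash, and returns a token together with the user record.
 *
 * @param email - E-mail address taken from the request arguments.
 * @param password - Candidate password taken from the request arguments.
 * @param req - Incoming request, passed through to token creation.
 * @returns `{ jwt, user }` on success.
 * @throws Presumably whatever `throwValidationErrors` raises when the user
 *   is unknown or the password is wrong; confirm that it always throws,
 *   because the code after each call assumes it does.
 */
async login(
  @Args() { email, password }: User,
  @Req() req: Request,
) {
  const user = await this.user.find({ email });
  if (!user) {
    // NOTE(review): this message differs from the wrong-password message
    // below, which tells a client whether an e-mail address is registered.
    // A single generic message for both cases avoids that.
    this.app.throwValidationErrors('login', {
      email: `No such user found with email`,
    });
  }

  // argon2.verify takes the stored hash first and the candidate second.
  // Passing the client-supplied value in the hash position would let the
  // request decide what is being verified against.
  const valid = await argon2.verify(user.password, password);
  if (!valid) {
    this.app.throwValidationErrors('login', {
      password: `Password doesn't match`,
    });
  }

  const jwt = this.app.createJwtToken(req, user);
  // NOTE(review): `user` is returned as loaded, including its `password`
  // hash field; confirm that the response layer strips it before it reaches
  // the client.
  return {
    jwt,
    user,
  };
}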