From b7490536dde422f723b0c9aeee0d38ae5c52e025 Mon Sep 17 00:00:00 2001
From: pikiou
Date: Sat, 29 Oct 2022 01:47:44 +0200
Subject: [PATCH] Add support for passwords ending with a space
---
 src/server/gsheets/volunteers.ts | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)
diff --git a/src/server/gsheets/volunteers.ts b/src/server/gsheets/volunteers.ts
index 7593f26..7917162 100644
--- a/src/server/gsheets/volunteers.ts
+++ b/src/server/gsheets/volunteers.ts
@@ -1,6 +1,7 @@
 import path from "path"
 import * as fs from "fs"
-import { assign, cloneDeep, max, omit, pick } from "lodash"
+import { assign, cloneDeep, map, max, omit, pick, some } from "lodash"
+// import { assign, cloneDeep, max, omit, pick } from "lodash"
 import bcrypt from "bcrypt"
 import sgMail from "@sendgrid/mail"
@@ -155,19 +156,27 @@ export const volunteerLogin = expressAccessor.get(async (list, b
 throw Error("Il n'y a aucun bénévole avec cet email")
 }
+ // Try all password combinations with or without space after
 const password = body.password || ""
- const password1Match = await bcrypt.compare(
+ const passwords: string[] = [
 password,
- volunteer.password1.replace(/^\$2y/, "$2a")
+ `${password} `,
+ password.replace(/ $/, ""),
+ password.replace(/\s+ $/, ""),
+ `${password.replace(/\s+ $/, "")} `,
+ ]
+ const toTry = [
+ ...map(passwords, (p) => [p, volunteer.password1]),
+ ...map(passwords, (p) => [p, volunteer.password2]),
+ ] as [string, string][]
+ const tries = await Promise.all(
+ map(toTry, async ([p, save]) => bcrypt.compare(p, save.replace(/^\$2y/, "$2a")))
 )
- if (!password1Match) {
- const password2Match = await bcrypt.compare(
- password,
- volunteer.password2.replace(/^\$2y/, "$2a")
- )
- if (!password2Match) {
- throw Error("Mauvais mot de passe pour cet email")
- }
+
+ console.log("tries", JSON.stringify(tries))
+
+ if (!some(tries)) {
+ throw Error("Mauvais mot de passe pour cet email")
 }
 const jwt = await getJwt(volunteer.id, volunteer.roles)
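Review bot: The commented-out copy of the previous lodash import, `// import { assign, cloneDeep, max, omit, pick } from "lodash"`, is dead code left next to its replacement in the import block. Version control already keeps the old line, so it can be deleted rather than carried in the file.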
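Review bot: Every login request now runs ten bcrypt comparisons in parallel (five candidate strings against both `password1` and `password2`) where the old code ran one or two, which multiplies the CPU cost of each attempt on an endpoint that is reachable before authentication. For a password with no trailing whitespace the `passwords` array holds only two distinct values, so deduplicating it before building `toTry` (for example with lodash `uniq`, added to the import) would cut most of that work. The `console.log("tries", JSON.stringify(tries))` line looks like leftover debugging and writes the outcome of every comparison to the server log on each attempt; I would drop it. `volunteer.password2` is also read on every login now instead of only after `password1` fails, so it is worth confirming how `save.replace(...)` and `bcrypt.compare` behave when that field is empty. `volunteerLogin` starts and ends outside this hunk.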