Migrate to bcrypt (#8446)

* start migrating to bcrypt * added method to convert the password to bcrypt when logging in, added method to compare password without knowing the hashing algorhytm, remove default * travis: try to upgrade to container based infrastructure * travis: add deps to build bcrypt.js * travis: add deps to build bcrypt.js * travis: add deps to build bcrypt.js * travis: add deps to build bcrypt.js * use bcryptjs until bcrypt can be installed on travis, see https://github.com/kelektiv/node.bcrypt.js/issues/476 * correct sha1 unit tests * try different mongodb repo * try without mognodb services * try again with bcrypt * disable request logging in travis * migrate missing routes * simplify code * remove bcryptjs * fix typo * fix typo * fix typo in comment * add unit tests for new passwords utility emthods * travis: back to old infrastructure, containers often have timeouts * add integration test for passwordHashMethod * update shrinkwrap * clarify code and add comments * add integration tests * fix linting * fix integration tests
2025-12-17 14:47:53 +01:00 · 2017-01-24 12:28:42 +01:00
parent 04f4eb8490
commit acad3b8873
16 changed files with 1439 additions and 722 deletions
--- a/test/api/v3/integration/user/auth/PUT-user_update_email.test.js
+++ b/test/api/v3/integration/user/auth/PUT-user_update_email.test.js
@@ -2,6 +2,11 @@ import {
  generateUser,
  translate as t,
 } from '../../../../../helpers/api-v3-integration.helper';
+import {
+  bcryptCompare,
+  sha1MakeSalt,
+  sha1Encrypt as sha1EncryptPassword,
+} from '../../../../../../website/server/libs/password';

 const ENDPOINT = '/user/auth/update-email';

@@ -66,6 +71,41 @@ describe('PUT /user/auth/update-email', () => {
        message: t('cannotFulfillReq'),
      });
    });
+
+    it('converts user with SHA1 encrypted password to bcrypt encryption', async () => {
+      let textPassword = 'mySecretPassword';
+      let salt = sha1MakeSalt();
+      let sha1HashedPassword = sha1EncryptPassword(textPassword, salt);
+      let myNewEmail = 'my-new-random-email@example.net';
+
+      await user.update({
+        'auth.local.hashed_password': sha1HashedPassword,
+        'auth.local.passwordHashMethod': 'sha1',
+        'auth.local.salt': salt,
+      });
+
+      await user.sync();
+      expect(user.auth.local.passwordHashMethod).to.equal('sha1');
+      expect(user.auth.local.salt).to.equal(salt);
+      expect(user.auth.local.hashed_password).to.equal(sha1HashedPassword);
+
+      // update email
+      let response = await user.put(ENDPOINT, {
+        newEmail: myNewEmail,
+        password: textPassword,
+      });
+      expect(response).to.eql({ email: myNewEmail });
+
+      await user.sync();
+
+      expect(user.auth.local.email).to.equal(myNewEmail);
+      expect(user.auth.local.passwordHashMethod).to.equal('bcrypt');
+      expect(user.auth.local.salt).to.be.undefined;
+      expect(user.auth.local.hashed_password).not.to.equal(sha1HashedPassword);
+
+      let isValidPassword = await bcryptCompare(textPassword, user.auth.local.hashed_password);
+      expect(isValidPassword).to.equal(true);
+    });
  });

  context('Social Login User', async () => {