Extended resetToken.compare return result with reason for comparison failure
refs https://github.com/TryGhost/Ghost/issues/11878 - To be able to identify the reason behind a comparison failure at a more granular level (e.g. token expiration), additional information had to be provided in the return result for failed token comparisons
This commit is contained in:
parent
54f9ff24c2
commit
07972312ed
@ -87,12 +87,18 @@ module.exports.resetToken = {
let i;
if (isNaN(parts.expires)) {
return false;
return {
correct: false,
reason: 'invalid_expiry'
};
}
// Check if token is expired to prevent replay attacks
if (parts.expires < Date.now()) {
return false;
return {
correct: false,
reason: 'expired'
};
}
generatedToken = exports.resetToken.generateHash({
@ -110,6 +116,14 @@ module.exports.resetToken = {
diff |= tokenToCompare.charCodeAt(i) ^ generatedToken.charCodeAt(i);
}
return diff === 0;
const result = {
correct: (diff === 0)
};
if (!result.correct) {
result.reason = 'invalid';
}
return result;
}
};
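Review bot: The second hunk changes compare's return value from a boolean to an object, and the failure value `{ correct: false, reason: 'invalid' }` (likewise the `invalid_expiry` and `expired` objects in the first hunk) is truthy, so any caller that still tests the result directly (`if (resetToken.compare(...))`) would now accept an invalid or expired reset token. The hunks shown here touch only the util and its spec, so every caller should be switched to `.correct` in the same change, or the old boolean should be preserved alongside the reason. compare begins before the first hunk, so it is not visible whether it has a JSDoc; a line such as `@returns {{correct: boolean, reason?: ('invalid'|'invalid_expiry'|'expired')}}` above it would make the new contract explicit to callers. The three reason strings are literals in three places; a single frozen map of reason constants next to `module.exports.resetToken` would keep them in sync with whatever consumes them.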
@ -39,7 +39,8 @@ describe('Utils: tokens', function () {
password: '12345678'
});
tokenIsCorrect.should.eql(true);
tokenIsCorrect.correct.should.eql(true);
should(tokenIsCorrect.reason).be.undefined;
});
it('compare: error from invalid password', function () {
@ -61,7 +62,8 @@ describe('Utils: tokens', function () {
password: '123456'
});
tokenIsCorrect.should.eql(false);
tokenIsCorrect.correct.should.eql(false);
tokenIsCorrect.reason.should.eql('invalid');
});
it('compare: error from invalid expires parameter', function () {
@ -83,7 +85,8 @@ describe('Utils: tokens', function () {
password: '123456'
});
tokenIsCorrect.should.eql(false);
tokenIsCorrect.correct.should.eql(false);
tokenIsCorrect.reason.should.eql('invalid_expiry');
});
it('compare: error from expired token', function () {
@ -105,7 +108,8 @@ describe('Utils: tokens', function () {
password: '123456'
});
tokenIsCorrect.should.eql(false);
tokenIsCorrect.correct.should.eql(false);
tokenIsCorrect.reason.should.eql('expired');
});
it('extract', function () {
@ -189,7 +193,7 @@ describe('Utils: tokens', function () {
password: '12345678'
});
tokenIsCorrect.should.eql(true);
tokenIsCorrect.correct.should.eql(true);
});
});
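Review bot: `should(tokenIsCorrect.reason).be.undefined;` in the first hunk (`@ -39,7 +39,8`) does not assert anything as written: in should.js `undefined` is an assertion method rather than a property getter, so the expression only references the function and the test would still pass if compare returned a reason on a correct token. It should be invoked, `should(tokenIsCorrect.reason).be.undefined();`. The last hunk (`@ -189,7 +193,7`) checks only `.correct` for its success case; the same invoked `reason` assertion could be added there so both success paths are covered consistently.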