admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-18 10:31:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(core): Make password-reset urls valid only for single-use (#7622)

Browse Source
This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™
2023-11-07 15:35:43 +01:00
committed by GitHub
parent b3470fd64d
commit 60314248f4
13 changed files with 206 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
packages/cli/src/auth/jwt.ts
View File

@@ -44,6 +44,11 @@ export function issueJWT(user: User): JwtToken {
};
}
export const createPasswordSha = (user: User) =>
createHash('sha256')
.update(user.password.slice(user.password.length / 2))
.digest('hex');
export async function resolveJwtContent(jwtPayload: JwtPayload): Promise<User> {
const user = await Db.collections.User.findOne({
where: { id: jwtPayload.id },
@@ -52,9 +57,7 @@ export async function resolveJwtContent(jwtPayload: JwtPayload): Promise<User> {
let passwordHash = null;
if (user?.password) {
passwordHash = createHash('sha256')
.update(user.password.slice(user.password.length / 2))
.digest('hex');
passwordHash = createPasswordSha(user);
}
// currently only LDAP users during synchronization