Skip to content
This repository has been archived by the owner on Apr 19, 2023. It is now read-only.

Commit

Permalink
🐛 Fix password hash in Pwned
Browse files Browse the repository at this point in the history
  • Loading branch information
AnandChowdhary committed Oct 30, 2020

Verified

This commit was signed with the committer’s verified signature.
hiddeco Hidde Beydals
1 parent e334973 commit 10a4b3c
Showing 2 changed files with 4 additions and 2 deletions.
1 change: 0 additions & 1 deletion src/modules/approved-subnets/approved-subnets.service.ts
Original file line number Diff line number Diff line change
@@ -93,7 +93,6 @@ export class ApprovedSubnetsService {
region: location?.subdivisions.pop()?.names?.en,
timezone: location?.location?.time_zone,
countryCode: location?.country?.iso_code,
createdAt: new Date(),
},
});
return this.prisma.expose<approvedSubnets>(approved);
5 changes: 4 additions & 1 deletion src/modules/auth/auth.service.ts
Original file line number Diff line number Diff line change
@@ -558,7 +558,10 @@ export class AuthService {
): Promise<string> {
if (!ignorePwnedPassword) {
if (!this.configService.get<boolean>('security.passwordPwnedCheck'))
return;
return await hash(
password,
this.configService.get<number>('security.saltRounds'),
);
if (!(await this.pwnedService.isPasswordSafe(password)))
throw new HttpException(
'This password has been compromised in a data breach.',

0 comments on commit 10a4b3c

Please sign in to comment.