This repository was archived by the owner on Dec 14, 2023. It is now read-only.

Commit a9eecbd

authored
Better salt for user (#206)
also, doesn't crash on postgres when NULL byte is generated
1 parent cc566ba commit a9eecbd


2 files changed

+10
-1
lines changed


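--- a/package.json
+++ b/package.json
@@ -27,6 +27,7 @@
 "async": "0.9.0",
 "cp-i18n-lib": "git+https://github.com/CoderDojo/cp-i18n-lib.git",
 "cp-logs-lib": "git://github.com/CoderDojo/cp-logs-lib#v1.0.1",
+"cp-permissions-plugin": "git://github.com/CoderDojo/cp-permissions-plugin#0.0.1",
 "cuid": "1.2.5",
 "ejs": "1.0.0",
 "jed": "1.1.0",
@@ -46,7 +47,6 @@
 "seneca-auth": "1.0",
 "seneca-mail": "0.2.1",
 "seneca-postgresql-store": "1.1.3",
-"cp-permissions-plugin": "git://github.com/CoderDojo/cp-permissions-plugin#0.0.1",
 "seneca-user": "1.0",
 "shortid": "2.2.2",
 "util": "^0.10.3",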
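Review bot: The re-added `cp-permissions-plugin` entry, like the unchanged `cp-logs-lib` one, is fetched over `git://`, which is unauthenticated and unencrypted, and it is pinned to a tag (`#0.0.1`) that can be moved upstream. Since the line is being touched anyway, `"cp-permissions-plugin": "git+https://github.com/CoderDojo/cp-permissions-plugin.git#<full-commit-sha>"` (the sha is a placeholder for the reviewed commit) would use the same transport as the `cp-i18n-lib` entry and make installs reproducible.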

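--- a/users.js
+++ b/users.js
@@ -5,6 +5,7 @@ var async = require('async');
 var request = require('request');
 var moment = require('moment');
 var pg = require('pg');
+var crypto = require('crypto');
 
 module.exports = function (options) {
 var seneca = this;
@@ -35,6 +36,14 @@ module.exports = function (options) {
 seneca.add({role: 'cd-users', cmd: 'is_self'}, require('./lib/users/is-self'));
 seneca.add({role: 'cd-users', cmd: 'is_parent_of'}, require('./lib/users/is-parent-of'));
 
+seneca.add({role: 'user', cmd: 'encrypt_password'}, function (data, cb) {
+// Default seneca's salt is 16b length (too small entropy) and can generate NULL char, which pg cannot handle
+if (_.isUndefined(data.salt)) {
+data.salt = crypto.randomBytes(256).toString('hex');
+}
+this.prior(data, cb);
+});
+
 function cmd_load_prev_founder (args, done) {
 var seneca = this;
 seneca.act({role: plugin, cmd: 'load', id: args.id}, function (err, user) {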
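Review bot: The guard in the new `encrypt_password` override only catches an `undefined` salt, so a message carrying `salt: null` or `salt: ''` skips the replacement. If the prior seneca-user handler treats a falsy salt as missing (not visible on this page, worth confirming), those calls still get the default salt that the comment says can contain a NULL byte; `if (!data.salt) {` would close that gap. Separately, `crypto.randomBytes(256).toString('hex')` yields a 512-character string, so it is worth checking that the salt column stores it without truncation, since a truncated salt would make the stored hash unverifiable. `crypto.randomBytes(32).toString('hex')` is already ample for a salt and, being hex, cannot contain a NULL byte. The comment would also be clearer if it said that a caller-supplied salt is passed through unchanged, and that this appears intended to let existing hashes keep verifying.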
