Page MenuHomePhabricator
Files F3492789

D6098.id20332.diff
No OneTemporary
Actions

D6098.id20332.diff
View Options

diff --git a/keyserver/src/deleters/account-deleters.js b/keyserver/src/deleters/account-deleters.js
--- a/keyserver/src/deleters/account-deleters.js
+++ b/keyserver/src/deleters/account-deleters.js
@@ -35,7 +35,13 @@
throw new ServerError('internal_error');
}
const row = result[0];
- if (!bcrypt.compareSync(request.password, row.hash)) {
+ const requestPasswordConsistentWithDB = !!row.hash === !!request.password;
+ const shouldValidatePassword = !!row.hash;
+ if (
+ !requestPasswordConsistentWithDB ||
+ (shouldValidatePassword &&
+ !bcrypt.compareSync(request.password, row.hash))
+ ) {
throw new ServerError('invalid_credentials');
}
}

File Metadata

Mime Type
text/plain
Expires
Fri, Dec 20, 1:36 AM (21 h, 38 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2679083
Default Alt Text
D6098.id20332.diff (709 B)

Event Timeline