shishantbiswas/bknd
1
0
Fork 0
mirror of https://github.com/shishantbiswas/bknd.git synced 2026-03-16 04:27:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add minLength to pw strategy, and enforce

Browse Source
This commit is contained in:
dswbx
2025-12-05 14:03:09 +01:00
parent ed41887d74
commit fef77eea61
4 changed files with 55 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
app/src/auth/authenticate/strategies/PasswordStrategy.ts
View File

@@ -10,6 +10,7 @@ const schema = s
.object({
hashing: s.string({ enum: ["plain", "sha256", "bcrypt"], default: "sha256" }),
rounds: s.number({ minimum: 1, maximum: 10 }).optional(),
minLength: s.number({ default: 8, minimum: 1 }).optional(),
})
.strict();
@@ -37,7 +38,7 @@ export class PasswordStrategy extends AuthStrategy<typeof schema> {
format: "email",
}),
password: s.string({
minLength: 8, // @todo: this should be configurable
minLength: this.config.minLength,
}),
});
}
@@ -65,12 +66,21 @@ export class PasswordStrategy extends AuthStrategy<typeof schema> {
return await bcryptCompare(compare, actual);
}
return false;
return actual === compare;
}
verify(password: string) {
return async (user: User) => {
const compare = await this.compare(user?.strategy_value!, password);
if (!user || !user.strategy_value) {
throw new InvalidCredentialsException();
}
if (!this.getPayloadSchema().properties.password.validate(password).valid) {
$console.debug("PasswordStrategy: Invalid password", password);
throw new InvalidCredentialsException();
}
const compare = await this.compare(user.strategy_value, password);
if (compare !== true) {
throw new InvalidCredentialsException();
}