amikhalev/sprinklers3
1
1
Fork 0
Code Issues 9 Pull Requests 1 Releases Wiki Activity

Actually comparing the password when granting a token is important

Browse Source
This commit is contained in:
Alex Mikhalev 2018-07-02 15:25:35 -06:00
parent 2baca5fdd0
commit 853770a9e8
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
server/express/authentication.ts
View File

@ -104,13 +104,13 @@ export function authentication(state: ServerState) {
} }
const user = await User.loadByUsername(state.database, username); const user = await User.loadByUsername(state.database, username);
if (!user) { if (!user) {
throw new ApiError(401, "User does not exist"); throw new ApiError(400, "User does not exist");
} }
const passwordMatches = user.comparePassword(password); const passwordMatches = await user.comparePassword(password);
if (passwordMatches) { if (passwordMatches) {
return user; return user;
} else { } else {
throw new ApiError(400, "User does not exist"); throw new ApiError(401, "Invalid user credentials");
} }
} }