From c1fca4764b9a24e1d28c9aaab087298bfb1b3682 Mon Sep 17 00:00:00 2001
From: azivner
Date: Wed, 22 Nov 2017 20:57:06 -0500
Subject: [PATCH] fixed password change (broken since migration to CBC encryption)
---
 services/change_password.js | 4 +---
 services/password_encryption.js | 4 ++--
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/services/change_password.js b/services/change_password.js
index 47029cc11..cd29664a8 100644
--- a/services/change_password.js
+++ b/services/change_password.js
@@ -16,12 +16,10 @@ async function changePassword(currentPassword, newPassword, req) {
 }
 const newPasswordVerificationKey = utils.toBase64(await my_scrypt.getVerificationHash(newPassword));
- const newPasswordDerivedKey = await my_scrypt.getPasswordDerivedKey(newPassword);
-
 const decryptedDataKey = await password_encryption.getDataKey(currentPassword);
 await sql.doInTransaction(async () => {
- await password_encryption.setDataKey(newPasswordDerivedKey, decryptedDataKey);
+ await password_encryption.setDataKey(newPassword, decryptedDataKey);
 await options.setOption('password_verification_hash', newPasswordVerificationKey);
diff --git a/services/password_encryption.js b/services/password_encryption.js
index bd34c1b60..603727686 100644
--- a/services/password_encryption.js
+++ b/services/password_encryption.js
@@ -11,14 +11,14 @@ async function verifyPassword(password) {
 return givenPasswordHash === dbPasswordHash;
 }
-async function setDataKey(password, plainText) {
+async function setDataKey(password, plainTextDataKey) {
 const passwordDerivedKey = await my_scrypt.getPasswordDerivedKey(password);
 const encryptedDataKeyIv = utils.randomSecureToken(16).slice(0, 16);
 await options.setOption('encrypted_data_key_iv', encryptedDataKeyIv);
- const buffer = Buffer.from(plainText);
+ const buffer = Buffer.from(plainTextDataKey);
 const newEncryptedDataKey = data_encryption.encrypt(passwordDerivedKey, encryptedDataKeyIv, buffer);
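Review bot: In the `services/change_password.js` hunk, `decryptedDataKey` goes from `getDataKey(currentPassword)` straight into `setDataKey(newPassword, decryptedDataKey)` with no check that decryption produced a usable key. The commit message says the data key is now CBC-encrypted, and CBC on its own does not detect a wrong key or a damaged stored value, so a bad decrypt would presumably be re-encrypted under the new password and overwrite the only good copy. A guard before `sql.doInTransaction` would make that fail closed, for example `if (!decryptedDataKey || decryptedDataKey.length !== EXPECTED_DATA_KEY_LENGTH) { throw new Error('data key could not be decrypted'); }`, where `EXPECTED_DATA_KEY_LENGTH` is a placeholder because the real key length is not visible on this page. `changePassword` starts and ends outside the hunk, so an earlier check may already cover part of this.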
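Review bot: In the `services/password_encryption.js` hunk, `setDataKey` still carries no comment saying that `password` must be the raw password, which is the contract the old caller broke by passing an already derived key. I would add above the function `/** @param {string} password raw user password; the scrypt key is derived here, never pass a derived key. @param {Buffer|string} plainTextDataKey decrypted data key to re-wrap. */`. `Buffer.from(plainTextDataKey)` treats a string argument as UTF-8, so if `getDataKey` returns a string the comment should also state which encoding the key is in; the actual type is not visible here and should be confirmed. The function body continues past the end of the hunk.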