kavin/Piped-Backend
1
0
Fork 0
mirror of https://github.com/TeamPiped/Piped-Backend.git synced 2025-01-06 01:20:28 +05:30
Code Issues Projects Releases Wiki Activity

explicitly reject empty hashes

Browse Source
This commit is contained in:
Jeidnx 2024-11-21 10:46:44 +01:00
parent e4ba19556c
commit 77cd736c06
No known key found for this signature in database
GPG Key ID: 0E9E697B7E99DF39
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/main/java/me/kavin/piped/server/handlers/auth/UserHandlers.java
View File

@ -96,6 +96,9 @@ public class UserHandlers {
} }
private static boolean hashMatch(String hash, String pass) { private static boolean hashMatch(String hash, String pass) {
if (hash.isBlank()) {
return false;
}
return hash.startsWith("$argon2") ? return hash.startsWith("$argon2") ?
argon2PasswordEncoder.matches(pass, hash) : argon2PasswordEncoder.matches(pass, hash) :
bcryptPasswordEncoder.matches(pass, hash); bcryptPasswordEncoder.matches(pass, hash);