Compare commits

...

45 commits

Author SHA1 Message Date
S Kopper
e2f1683b52 merge: upd: flip rehash behavior, convert argon2 into bcrypt (!444)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/444
2024-04-12 04:34:29 +00:00
dakkar
e0afeff248 merge: hide images/videos in og cards, when under a CW - fixes #487 (!488)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/488

Closes #487

Approved-by: Marie <marie@kaifa.ch>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-04-11 20:40:38 +00:00
Marie
cfc8081cec merge: bump tmp@0.2.3 - fixes #464 (!475)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/475

Closes #464

Approved-by: Marie <marie@kaifa.ch>
Approved-by: Luna <her@mint.lgbt>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-04-11 18:00:40 +00:00
Marie
011ccd3a9a merge: bump devel version (!486)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/486

Approved-by: Marie <marie@kaifa.ch>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-04-11 17:21:32 +00:00
dakkar
56dca6dbf5 hide images/videos in og cards, when under a CW - fixes #487 2024-04-07 16:58:13 +01:00
dakkar
2a634e0309 bump devel version 2024-03-30 12:48:03 +00:00
dakkar
e6970a0e7c Merge branch 'stable' into bump-devel-version 2024-03-30 12:44:31 +00:00
Amelia Yukii
571272a564 merge: release 2024.3.2 (!485)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/485

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-30 11:19:08 +00:00
dakkar
30bb0f60a2 version bump 2024-03-30 11:09:00 +00:00
dakkar
328546c4cd Merge branch 'develop' into release/2024-03-30 2024-03-30 11:08:26 +00:00
dakkar
f4e89f2e6b bump tmp@0.2.3 - fixes #464
see also https://github.com/raszi/node-tmp/issues/295
2024-03-19 17:13:43 +00:00
dakkar
2cad97c1ab merge: release 2024.3.1 (!449)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/449

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
Approved-by: Marie <marie@kaifa.ch>
2024-03-02 17:43:24 +00:00
dakkar
6ecfe7c7c3 remove duplicate method 2024-03-02 17:34:31 +00:00
dakkar
23f476dbf3 Merge branch 'develop' into release/2024.3.1 2024-03-02 17:28:34 +00:00
ShittyKopper
b31a59a297 upd: flip rehash behavior, convert argon2 into bcrypt
argon2 is only really used to allow migrations from firefish-like instances.

using argon2 for everything prevents seamless migrations to upstream
misskey in exchange for a debatable[1][2] increase in security.

so, let's keep accepting existing argon2 hashes, but rehash them to
bcrypt on login.

[1]: https://infosec.exchange/@epixoip/110912922574721750,
     https://github.com/epixoip/hmac-bcrypt/?tab=readme-ov-file#justification

[2]: the bcrypt implementation used in misskey doesn't support passwords
     > 72 bytes, but we cannot do anything about *that* without breaking
     compatibility, bringing us back to where we started (upstream; if
     you're reading this, please consider hmac-bcrypt!)
2024-02-25 19:59:07 +03:00
Amelia Yukii
7a1251423f merge: Add missing IMPORTANT_NOTES.md from Sharkey/OldJoinSharkey (!443)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/443

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-02-24 18:20:48 +00:00
Marie
7f5492a395 Add missing IMPORTANT_NOTES.md from Sharkey/OldJoinSharkey 2024-02-24 18:20:48 +00:00
Amelia Yukii
11d9fd9199 merge: import upstream ssrf fix on our stable (!425)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/425

Approved-by: Leah <kevinlukej@gmail.com>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-02-17 13:06:47 +00:00
syuilo
6132bc3b3e fix of 9a70ce8f5e
Co-Authored-By: RyotaK <49341894+Ry0taK@users.noreply.github.com>
2024-02-17 12:54:45 +00:00
dakkar
fef7a7b99a bump version 2024-02-17 12:38:01 +00:00
tamaina
1948ca9aa8 Merge pull request from GHSA-qqrm-9grj-6v32 2024-02-17 12:36:44 +00:00
Amelia Yukii
848e1f9a56 version is better
(cherry picked from commit fb455e4fd9)
2024-02-01 16:11:48 +00:00
Amelia Yukii
9c4353ee79 Update .gitlab-ci.yml
(cherry picked from commit 8c5818acf0)
2024-02-01 16:10:47 +00:00
Amelia Yukii
a6e257f502 Merge branch 'feture/code-injection-fix' into 'develop'
CVE: Fixed code injection from twitter import

See merge request TransFem-org/Sharkey!390

(cherry picked from commit 127f8556d4)

2a8e93e4 Fixed code injection from twitter import
2024-02-01 15:07:35 +00:00
Amelia Yukii
310e1a1262 Merge branch 'Amelia-stable-patch-29368' into 'stable'
Update docker-compose_example.yml

See merge request TransFem-org/Sharkey!389
2024-02-01 14:44:14 +00:00
Amelia Yukii
15f3c046d1 Update docker-compose_example.yml 2024-02-01 14:42:19 +00:00
Amelia Yukii
01d695428a Revert "build stable with stable tag"
This reverts commit acf3e3460f
2024-02-01 14:15:10 +00:00
Amelia Yukii
acf3e3460f build stable with stable tag 2024-02-01 14:00:56 +00:00
Amelia Yukii
4c8116859c Revert "Merge branch 'cherry-pick-3b2d47b1' into 'stable'"
This reverts merge request !386
2024-02-01 13:55:44 +00:00
Amelia Yukii
0e13397db7 Merge branch 'cherry-pick-3b2d47b1' into 'stable'
build stable with stable tag

See merge request TransFem-org/Sharkey!386
2024-02-01 13:41:34 +00:00
Amelia Yukii
ad8818508f Update file .gitlab-ci.yml
(cherry picked from commit 3b2d47b1e3)
2024-02-01 13:38:19 +00:00
Amelia Yukii
d444ee662f Merge branch 'cherry-pick-522ab39d' into 'stable'
Merge branch 'gitlab-ci' into 'develop'

See merge request TransFem-org/Sharkey!383
2024-02-01 10:23:23 +00:00
Amelia Yukii
4c354fff2d Merge branch 'gitlab-ci' into 'develop' 2024-02-01 10:23:23 +00:00
Marie
b81448edf6 merge: release 2023.12.0 2023-12-31 23:19:41 +01:00
Marie
134d2895f0 fix: merge conflict 2023-12-31 23:11:15 +01:00
Marie
7ba8fde9b9 chore: change version 2023-12-31 22:49:43 +01:00
Marie
1022280465 release: 2023.11.2 2023-12-01 00:01:19 +01:00
Marie
021d3924e6 chore: change version 2023-11-30 23:57:04 +01:00
Mar0xy
b6d50d781f Merge branch 'stable' of https://github.com/transfem-org/Sharkey into stable 2023-11-26 18:47:44 +01:00
Mar0xy
1d411bb885 chore: fix locales 2023-11-26 18:47:20 +01:00
Marie
f7afd1ae4a release: 2023.11.1 2023-11-26 17:28:42 +01:00
Marie
1ef1f2a03c Merge branch 'stable' into release/2023.11.1 2023-11-26 17:26:30 +01:00
Marie
829ce4f86a merge: 2023.11.0 2023-11-07 20:16:20 +01:00
Mar0xy
6d5d863150 merge: last minute changes 2023-11-07 20:07:53 +01:00
Marie
fc7d4bc420 chore: set release version 2023-11-07 19:39:18 +01:00
21 changed files with 73 additions and 72 deletions

View file

@ -11,7 +11,7 @@ testCommit:
variables: variables:
POSTGRES_PASSWORD: ci POSTGRES_PASSWORD: ci
script: script:
- apt-get update && apt-get install -y git wget curl build-essential python3 - apt-get update && apt-get install -y git wget curl build-essential python3
- cp .config/ci.yml .config/default.yml - cp .config/ci.yml .config/default.yml
- corepack enable - corepack enable
- corepack prepare pnpm@latest --activate - corepack prepare pnpm@latest --activate
@ -55,6 +55,8 @@ getImageTag:
only: only:
- stable - stable
- develop - develop
- tags
buildDocker: buildDocker:
stage: deploy stage: deploy
needs: needs:
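Review bot: the `- tags` entry added to this `only:` list (and to the `only:` lists of buildDocker and mergeManifests in the following hunks) matches every tag ref, so any tag pushed to the repository will run these jobs, including the two in the deploy stage. If only release tags are meant to publish images, restrict the entry to a tag pattern or limit the jobs to protected tags, and note in the file which tags are expected to trigger a build.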
@ -78,6 +80,8 @@ buildDocker:
only: only:
- stable - stable
- develop - develop
- tags
mergeManifests: mergeManifests:
stage: deploy stage: deploy
needs: needs:
@ -103,3 +107,4 @@ mergeManifests:
only: only:
- stable - stable
- develop - develop
- tags

View file

@ -1,6 +1,6 @@
{ {
"name": "sharkey", "name": "sharkey",
"version": "2024.3.1", "version": "2024.3.2-devel",
"codename": "shonk", "codename": "shonk",
"repository": { "repository": {
"type": "git", "type": "git",

View file

@ -172,7 +172,7 @@
"stringz": "2.1.0", "stringz": "2.1.0",
"systeminformation": "5.22.0", "systeminformation": "5.22.0",
"tinycolor2": "1.6.0", "tinycolor2": "1.6.0",
"tmp": "0.2.2", "tmp": "0.2.3",
"tsc-alias": "1.8.8", "tsc-alias": "1.8.8",
"tsconfig-paths": "4.2.0", "tsconfig-paths": "4.2.0",
"typeorm": "0.3.20", "typeorm": "0.3.20",

View file

@ -5,8 +5,7 @@
import { randomUUID } from 'node:crypto'; import { randomUUID } from 'node:crypto';
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import * as argon2 from 'argon2'; import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import { IsNull, DataSource } from 'typeorm'; import { IsNull, DataSource } from 'typeorm';
import { genRsaKeyPair } from '@/misc/gen-key-pair.js'; import { genRsaKeyPair } from '@/misc/gen-key-pair.js';
import { MiUser } from '@/models/User.js'; import { MiUser } from '@/models/User.js';
@ -33,8 +32,8 @@ export class CreateSystemUserService {
const password = randomUUID(); const password = randomUUID();
// Generate hash of password // Generate hash of password
//const salt = await bcrypt.genSalt(8); const salt = await bcrypt.genSalt(8);
const hash = await argon2.hash(password); const hash = await bcrypt.hash(password, salt);
// Generate secret // Generate secret
const secret = generateNativeUserToken(); const secret = generateNativeUserToken();

View file

@ -5,8 +5,7 @@
import { generateKeyPair } from 'node:crypto'; import { generateKeyPair } from 'node:crypto';
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
//import bcrypt from 'bcryptjs'; import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { DataSource, IsNull } from 'typeorm'; import { DataSource, IsNull } from 'typeorm';
import { DI } from '@/di-symbols.js'; import { DI } from '@/di-symbols.js';
import type { UsedUsernamesRepository, UsersRepository } from '@/models/_.js'; import type { UsedUsernamesRepository, UsersRepository } from '@/models/_.js';
@ -69,8 +68,8 @@ export class SignupService {
} }
// Generate hash of password // Generate hash of password
//const salt = await bcrypt.genSalt(8); const salt = await bcrypt.genSalt(8);
hash = await argon2.hash(password); hash = await bcrypt.hash(password, salt);
} }
// Generate secret // Generate secret
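Review bot: `bcrypt.genSalt(8)` hard-codes a bcrypt cost of 8 at the point where signup passwords are hashed, and the same literal is repeated in every other hashing hunk of this change. Consider moving the cost into one shared constant or helper so it can be raised in a single place, and so the signin path can later rehash entries stored with an older cost.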

View file

@ -421,7 +421,7 @@ export class ImportNotesProcessorService {
if (file.name) { if (file.name) {
this.driveService.updateFile(exists, { comment: file.name }, user); this.driveService.updateFile(exists, { comment: file.name }, user);
} }
files.push(exists); files.push(exists);
} }
} }

View file

@ -139,7 +139,22 @@ export class SigninApiService {
} }
// Compare password // Compare password
const same = await argon2.verify(profile.password!, password) || bcrypt.compareSync(password, profile.password!); let same;
if (profile.password?.startsWith('$argon2')) {
same = await argon2.verify(profile.password, password);
if (same) {
// rehash
const salt = await bcrypt.genSalt(8);
const newHash = await bcrypt.hash(password, salt);
await this.userProfilesRepository.update(user.id, {
password: newHash,
});
}
} else {
same = await bcrypt.compare(password, profile.password!);
}
const fail = async (status?: number, failure?: { id: string }) => { const fail = async (status?: number, failure?: { id: string }) => {
// Append signin history // Append signin history
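Review bot: the rehash in the `$argon2` branch replaces the stored hash with `bcrypt.hash(password, salt)` without looking at the password length, while the commit message itself notes that this bcrypt implementation does not support passwords over 72 bytes. For such a password the new hash may no longer cover the whole input that the argon2 hash covered. Consider skipping the rehash and keeping the argon2 hash when the password's byte length exceeds 72, or state the trade-off next to the `// rehash` comment. Separately, the awaited `update` now sits on the login path ahead of the `twoFactorEnabled` check, so a failed write rejects a login whose password was correct; catching and logging the error there would keep signin independent of the migration.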
@ -156,12 +171,6 @@ export class SigninApiService {
if (!profile.twoFactorEnabled) { if (!profile.twoFactorEnabled) {
if (same) { if (same) {
if (profile.password!.startsWith('$2')) {
const newHash = await argon2.hash(password);
this.userProfilesRepository.update(user.id, {
password: newHash
});
}
if (!instance.approvalRequiredForSignup && !user.approved) this.usersRepository.update(user.id, { approved: true }); if (!instance.approvalRequiredForSignup && !user.approved) this.usersRepository.update(user.id, { approved: true });
return this.signinService.signin(request, reply, user); return this.signinService.signin(request, reply, user);
@ -180,12 +189,6 @@ export class SigninApiService {
} }
try { try {
if (profile.password!.startsWith('$2')) {
const newHash = await argon2.hash(password);
this.userProfilesRepository.update(user.id, {
password: newHash
});
}
await this.userAuthService.twoFactorAuthenticate(profile, token); await this.userAuthService.twoFactorAuthenticate(profile, token);
} catch (e) { } catch (e) {
return await fail(403, { return await fail(403, {

View file

@ -4,8 +4,7 @@
*/ */
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
//import bcrypt from 'bcryptjs'; import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { IsNull } from 'typeorm'; import { IsNull } from 'typeorm';
import { DI } from '@/di-symbols.js'; import { DI } from '@/di-symbols.js';
import type { RegistrationTicketsRepository, UsedUsernamesRepository, UserPendingsRepository, UserProfilesRepository, UsersRepository, MiRegistrationTicket } from '@/models/_.js'; import type { RegistrationTicketsRepository, UsedUsernamesRepository, UserPendingsRepository, UserProfilesRepository, UsersRepository, MiRegistrationTicket } from '@/models/_.js';
@ -20,10 +19,10 @@ import { MiLocalUser } from '@/models/User.js';
import { FastifyReplyError } from '@/misc/fastify-reply-error.js'; import { FastifyReplyError } from '@/misc/fastify-reply-error.js';
import { bindThis } from '@/decorators.js'; import { bindThis } from '@/decorators.js';
import { L_CHARS, secureRndstr } from '@/misc/secure-rndstr.js'; import { L_CHARS, secureRndstr } from '@/misc/secure-rndstr.js';
import { SigninService } from './SigninService.js';
import type { FastifyRequest, FastifyReply } from 'fastify';
import instance from './endpoints/charts/instance.js';
import { RoleService } from '@/core/RoleService.js'; import { RoleService } from '@/core/RoleService.js';
import { SigninService } from './SigninService.js';
import instance from './endpoints/charts/instance.js';
import type { FastifyRequest, FastifyReply } from 'fastify';
@Injectable() @Injectable()
export class SignupApiService { export class SignupApiService {
@ -193,8 +192,8 @@ export class SignupApiService {
const code = secureRndstr(16, { chars: L_CHARS }); const code = secureRndstr(16, { chars: L_CHARS });
// Generate hash of password // Generate hash of password
//const salt = await bcrypt.genSalt(8); const salt = await bcrypt.genSalt(8);
const hash = await argon2.hash(password); const hash = await bcrypt.hash(password, salt);
const pendingUser = await this.userPendingsRepository.insert({ const pendingUser = await this.userPendingsRepository.insert({
id: this.idService.gen(), id: this.idService.gen(),

View file

@ -4,8 +4,7 @@
*/ */
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
//import bcrypt from 'bcryptjs'; import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UsersRepository, UserProfilesRepository } from '@/models/_.js'; import type { UsersRepository, UserProfilesRepository } from '@/models/_.js';
import { DI } from '@/di-symbols.js'; import { DI } from '@/di-symbols.js';
@ -66,7 +65,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const passwd = secureRndstr(8); const passwd = secureRndstr(8);
// Generate hash of password // Generate hash of password
const hash = await argon2.hash(passwd); const salt = await bcrypt.genSalt(8);
const hash = await bcrypt.hash(passwd, salt);
await this.userProfilesRepository.update({ await this.userProfilesRepository.update({
userId: user.id, userId: user.id,

View file

@ -3,8 +3,7 @@
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
//import bcrypt from 'bcryptjs'; import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js';
@ -87,7 +86,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
} }
} }
const passwordMatched = await argon2.verify(profile.password ?? '', ps.password); const passwordMatched = await bcrypt.compare(ps.password, profile.password ?? '');
if (!passwordMatched) { if (!passwordMatched) {
throw new ApiError(meta.errors.incorrectPassword); throw new ApiError(meta.errors.incorrectPassword);
} }
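Review bot: `bcrypt.compare(ps.password, profile.password ?? '')` has no `$argon2` branch, unlike the signin path in this change, and the same replacement is made in the other password-confirmation endpoints that follow. An account whose stored hash is still argon2 (for example one that stays on an existing session and has not signed in again since the switch) cannot pass this check, because the rehash only happens on signin. Consider moving the prefix check from signin into a shared verify helper and calling it from these endpoints as well.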

View file

@ -3,8 +3,7 @@
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
//import bcrypt from 'bcryptjs'; import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UserProfilesRepository } from '@/models/_.js'; import type { UserProfilesRepository } from '@/models/_.js';
@ -219,7 +218,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
} }
} }
const passwordMatched = await argon2.verify(profile.password ?? '', ps.password); const passwordMatched = await bcrypt.compare(ps.password, profile.password ?? '');
if (!passwordMatched) { if (!passwordMatched) {
throw new ApiError(meta.errors.incorrectPassword); throw new ApiError(meta.errors.incorrectPassword);
} }

View file

@ -3,8 +3,7 @@
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
//import bcrypt from 'bcryptjs'; import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import * as OTPAuth from 'otpauth'; import * as OTPAuth from 'otpauth';
import * as QRCode from 'qrcode'; import * as QRCode from 'qrcode';
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
@ -78,7 +77,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
} }
} }
const passwordMatched = await argon2.verify(profile.password ?? '', ps.password); const passwordMatched = await bcrypt.compare(ps.password, profile.password ?? '');
if (!passwordMatched) { if (!passwordMatched) {
throw new ApiError(meta.errors.incorrectPassword); throw new ApiError(meta.errors.incorrectPassword);
} }

View file

@ -3,8 +3,7 @@
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
//import bcrypt from 'bcryptjs'; import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UserProfilesRepository, UserSecurityKeysRepository } from '@/models/_.js'; import type { UserProfilesRepository, UserSecurityKeysRepository } from '@/models/_.js';
@ -68,7 +67,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
} }
} }
const passwordMatched = await argon2.verify(profile.password ?? '', ps.password); const passwordMatched = await bcrypt.compare(ps.password, profile.password ?? '');
if (!passwordMatched) { if (!passwordMatched) {
throw new ApiError(meta.errors.incorrectPassword); throw new ApiError(meta.errors.incorrectPassword);
} }

View file

@ -3,8 +3,7 @@
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
//import bcrypt from 'bcryptjs'; import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js';
@ -63,7 +62,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
} }
} }
const passwordMatched = await argon2.verify(profile.password ?? '', ps.password); const passwordMatched = await bcrypt.compare(ps.password, profile.password ?? '');
if (!passwordMatched) { if (!passwordMatched) {
throw new ApiError(meta.errors.incorrectPassword); throw new ApiError(meta.errors.incorrectPassword);
} }

View file

@ -3,8 +3,7 @@
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
//import bcrypt from 'bcryptjs'; import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UserProfilesRepository } from '@/models/_.js'; import type { UserProfilesRepository } from '@/models/_.js';
@ -51,15 +50,15 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
} }
} }
const passwordMatched = await argon2.verify(profile.password!, ps.currentPassword); const passwordMatched = await bcrypt.compare(ps.currentPassword, profile.password!);
if (!passwordMatched) { if (!passwordMatched) {
throw new Error('incorrect password'); throw new Error('incorrect password');
} }
// Generate hash of password // Generate hash of password
//const salt = await bcrypt.genSalt(8); const salt = await bcrypt.genSalt(8);
const hash = await argon2.hash(ps.newPassword); const hash = await bcrypt.hash(ps.newPassword, salt);
await this.userProfilesRepository.update(me.id, { await this.userProfilesRepository.update(me.id, {
password: hash, password: hash,

View file

@ -3,8 +3,7 @@
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
//import bcrypt from 'bcryptjs'; import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import type { UsersRepository, UserProfilesRepository } from '@/models/_.js'; import type { UsersRepository, UserProfilesRepository } from '@/models/_.js';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
@ -60,7 +59,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
return; return;
} }
const passwordMatched = await argon2.verify(profile.password!, ps.password); const passwordMatched = await bcrypt.compare(ps.password, profile.password!);
if (!passwordMatched) { if (!passwordMatched) {
throw new Error('incorrect password'); throw new Error('incorrect password');
} }

View file

@ -3,8 +3,7 @@
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
//import bcrypt from 'bcryptjs'; import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UsersRepository, UserProfilesRepository } from '@/models/_.js'; import type { UsersRepository, UserProfilesRepository } from '@/models/_.js';
@ -44,7 +43,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: me.id }); const profile = await this.userProfilesRepository.findOneByOrFail({ userId: me.id });
// Compare password // Compare password
const same = await argon2.verify(profile.password!, ps.password); const same = await bcrypt.compare(ps.password, profile.password!);
if (!same) { if (!same) {
throw new Error('incorrect password'); throw new Error('incorrect password');

View file

@ -5,8 +5,7 @@
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import ms from 'ms'; import ms from 'ms';
//import bcrypt from 'bcryptjs'; import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UserProfilesRepository } from '@/models/_.js'; import type { UserProfilesRepository } from '@/models/_.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js';
@ -88,7 +87,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
} }
} }
const passwordMatched = await argon2.verify(profile.password!, ps.password); const passwordMatched = await bcrypt.compare(ps.password, profile.password!);
if (!passwordMatched) { if (!passwordMatched) {
throw new ApiError(meta.errors.incorrectPassword); throw new ApiError(meta.errors.incorrectPassword);
} }

View file

@ -3,8 +3,7 @@
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
//import bcrypt from 'bcryptjs'; import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import type { UserProfilesRepository, PasswordResetRequestsRepository } from '@/models/_.js'; import type { UserProfilesRepository, PasswordResetRequestsRepository } from '@/models/_.js';
import { Endpoint } from '@/server/api/endpoint-base.js'; import { Endpoint } from '@/server/api/endpoint-base.js';
@ -54,8 +53,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
} }
// Generate hash of password // Generate hash of password
//const salt = await bcrypt.genSalt(8); const salt = await bcrypt.genSalt(8);
const hash = await argon2.hash(ps.password); const hash = await bcrypt.hash(ps.password, salt);
await this.userProfilesRepository.update(req.userId, { await this.userProfilesRepository.update(req.userId, {
password: hash, password: hash,

View file

@ -5,8 +5,8 @@ block vars
- const title = user.name ? `${user.name} (@${user.username})` : `@${user.username}`; - const title = user.name ? `${user.name} (@${user.username})` : `@${user.username}`;
- const url = `${config.url}/notes/${note.id}`; - const url = `${config.url}/notes/${note.id}`;
- const isRenote = note.renote && note.text == null && note.fileIds.length == 0 && note.poll == null; - const isRenote = note.renote && note.text == null && note.fileIds.length == 0 && note.poll == null;
- const images = (note.files || []).filter(file => file.type.startsWith('image/') && !file.isSensitive) - const images = note.cw ? [] : (note.files || []).filter(file => file.type.startsWith('image/') && !file.isSensitive)
- const videos = (note.files || []).filter(file => file.type.startsWith('video/') && !file.isSensitive) - const videos = note.cw ? [] : (note.files || []).filter(file => file.type.startsWith('video/') && !file.isSensitive)
block title block title
= `${title} | ${instanceName}` = `${title} | ${instanceName}`
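Review bot: `note.cw ? [] : ...` tests the content warning by truthiness, so a note whose `cw` is an empty string is treated as having no CW and its images and videos still go into the card. The `isRenote` line just above compares with `== null`; if an empty-string CW is a valid value here, use `note.cw != null ? [] : ...` on both the `images` and `videos` lines.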

View file

@ -392,8 +392,8 @@ importers:
specifier: 1.6.0 specifier: 1.6.0
version: 1.6.0 version: 1.6.0
tmp: tmp:
specifier: 0.2.2 specifier: 0.2.3
version: 0.2.2 version: 0.2.3
tsc-alias: tsc-alias:
specifier: 1.8.8 specifier: 1.8.8
version: 1.8.8 version: 1.8.8
@ -18813,6 +18813,12 @@ packages:
engines: {node: '>=14'} engines: {node: '>=14'}
dependencies: dependencies:
rimraf: 5.0.5 rimraf: 5.0.5
dev: true
/tmp@0.2.3:
resolution: {integrity: sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w==}
engines: {node: '>=14.14'}
dev: false
/tmpl@1.0.5: /tmpl@1.0.5:
resolution: {integrity: sha512-3f0uOEAQwIqGuWW2MVzYg8fV/QNnc/IpuJNG837rLuczAaLVHslWHZQj4IGiEl5Hs3kkbhwL9Ab7Hrsmuj+Smw==} resolution: {integrity: sha512-3f0uOEAQwIqGuWW2MVzYg8fV/QNnc/IpuJNG837rLuczAaLVHslWHZQj4IGiEl5Hs3kkbhwL9Ab7Hrsmuj+Smw==}