Skip to content

inconsistency with multiple argon2.hash calls #1409

New issue
New issue
Closed
Closed
inconsistency with multiple argon2.hash calls#1409
Assignees
david-rocca
Labels
user registryAn issue for the endpoints related to the User Registry
@ElectricNroff

Description

@ElectricNroff
ElectricNroff
opened on Jun 15, 2025

cve-services/src/controller/org.controller/org.controller.js

Lines 816 to 818 in 54aa5ab

const secret = await argon2.hash(randomKey)
newUser.secret = secret
newRegistryUser.secret = secret

versus

cve-services/src/controller/org.controller/org.controller.js

Lines 1349 to 1351 in 54aa5ab

randomKey = cryptoRandomString({ length: getConstants().CRYPTO_RANDOM_STRING_LENGTH })
oldUser.secret = await argon2.hash(randomKey) // store in db
oldUserRegistry.secret = await argon2.hash(randomKey) // store in db

It seems that you would want secret in the two documents (in two different collections) to always be the same, or always be different . It doesn't seem that it would be valuable to make them different (because the two calls to argon2.hash(randomKey) will produce different output for the same randomKey) only if resetSecret happens to be called.
@david-rocca

Metadata

Metadata

Assignees

Labels

user registryAn issue for the endpoints related to the User Registry

Type

No type

Projects

User Registry Planning & Development

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions