
Don't give back the stored password hash !

1 parent 7add39d commit e8faf946a1fadaf9f290a9e1c0b6e876e08cb753 @romac romac committed Nov 7, 2011
Showing with 1 addition and 1 deletion.
  1. +1 −1 backend/server.coffee
@@ -107,7 +107,7 @@ app.post '/login', (req, res) ->
if sha1(req.body.password) == user.sha1
res.send { result: 'success', session_token: generateToken(user.username), user: user }
else
- res.send { result: 'failure', provided: sha1(req.body.password), stored: user.sha1 }
+ res.send { result: 'failure', provided: sha1(req.body.password) }

nddrylliog Nov 7, 2011

Collaborator

Well provided is useless as well.. was using that for debug. Forgot to remove it completely, you must have had a major wtf seeing that ;)


romac via email Nov 7, 2011

Collaborator
app.get '/user/:username', requiresToken (req, res) ->
User.findOne { username: req.params.username }, (err, user) ->
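Review bot: The success branch of the `/login` handler still sends `user: user`, and because the comparison just above reads `user.sha1`, that object presumably carries the stored hash, so a successful login would still return the value this commit strips from the failure response. Build the response from an explicit list of public fields instead, for example `res.send { result: 'success', session_token: generateToken(user.username), user: { username: user.username } }`, adding only the fields the client actually needs. The exposure matters more here because the check `sha1(req.body.password) == user.sha1` shows a single unsalted SHA-1, which is cheap to attack offline once leaked; a salted, deliberately slow password hash would limit that. The handler begins above the hunk and the body of `/user/:username` continues below it, so it is worth confirming that route does not return the whole user document either.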
