Skip to content

Commit

Permalink
Only update bcrypt password rounds if the password actually matches
Browse files Browse the repository at this point in the history
  • Loading branch information
@xPaw
xPaw committed Jun 2, 2017
1 parent 1f1b025 commit b46f92c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/server.js
View file
Expand Up @@ -287,7 +287,7 @@ function localAuth(client, user, password, callback) {
Helper.password
.compare(password, client.config.password)
.then(matching => {
if (Helper.password.requiresUpdate(client.config.password)) {
if (matching && Helper.password.requiresUpdate(client.config.password)) {
const hash = Helper.password.hash(password);

client.setPassword(hash, success => {
Expand Down

1 comment on commit b46f92c

@xPaw
Copy link
Member Author

@xPaw xPaw commented on b46f92c Jun 2, 2017
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This issue has been introduced in v2.2.0.

EDIT: This actually has been introduced by #985. And thus has never been in any release.

Please sign in to comment.