fix: do not throw if password passed into `isPasswordCorrect` is invalid, just return false

3 years ago · 287f4c2c41
parent 342cca35c1
commit 287f4c2c41
1 changed files with 6 additions and 1 deletions
--- a/src/user/password.js
+++ b/src/user/password.js
@ -26,7 +26,12 @@ module.exports = function (User) {
 			hashedPassword = '';
 		}

-		User.isPasswordValid(password, 0);
+		try {
+			User.isPasswordValid(password, 0);
+		} catch (e) {
+			return false;
+		}
+
 		await User.auth.logAttempt(uid, ip);
 		const ok = await Password.compare(password, hashedPassword, !!parseInt(shaWrapped, 10));
 		if (ok) {