fix(auth): hash new password in updatePassword to stop plaintext storage (#3925)#3937
Conversation
…age + self-lockout (#3925) The change-password handler validated strength via checkPassword (zxcvbn only, returns the raw string) then persisted it verbatim. The user model has no pre-save hash hook, so the new password landed in the DB in plaintext — storing credentials at rest AND locking the user out on next signin (comparePassword compares the entered password against the stored plaintext, never matching). Mirror the sibling reset() path: hashPassword(checkedPassword) before persisting. Tests: strengthen the change-password success test to read the stored value and assert bcrypt format (/^$2[aby]$/), plus a runtime signin oracle (new password authenticates, old one 401). This bug shipped undetected because no test ever checked the persisted value. Verified the strengthened test fails on the pre-fix code. Follow-up (out of scope, downstream ops): remediate any already-corrupted rows with a plaintext password persisted before this fix.
|
Warning Review limit reached
Next review available in: 59 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #3937 +/- ##
=======================================
Coverage 92.67% 92.68%
=======================================
Files 169 169
Lines 5546 5547 +1
Branches 1782 1783 +1
=======================================
+ Hits 5140 5141 +1
Misses 326 326
Partials 80 80
Flags with carried forward coverage won't be shown. Click here to find out more. Continue to review full report in Codecov by Harness.
🚀 New features to boost your workflow:
|
Problem
The change-password endpoint validated strength then persisted the raw password — the User model has no pre-save hash hook, so the new password was stored in plaintext, and the next
bcrypt.comparelogin failed against it (self-lockout). The siblingreset()in the same file hashes correctly.Fix
Hash before persisting, mirroring
reset():checkPassword→hashPassword→UserService.update. Inside the existingtry, so the weak-password 422 path is unchanged; response still strips the password viaremoveSensitive.Test
Strengthened the success-path integration test to read the stored value (asserts it matches
/^$2[aby]$/, not the plaintext) and round-trip a real signin with the new password (200) and the old (401). Verified red-green: reverting the fix makes the test fail on the plaintext value.Follow-up (out of scope, downstream ops)
Remediating any already-corrupted plaintext rows in a running deployment is a downstream-operations task, not part of this devkit fix.
Closes #3925
https://claude.ai/code/session_01V1mhCDsSUnn3WGtevd3YFX