diff --git a/backend/src/graphql/resolver/UserResolver.test.ts b/backend/src/graphql/resolver/UserResolver.test.ts
index 2c74a7b8c..58b6b33c4 100644
--- a/backend/src/graphql/resolver/UserResolver.test.ts
+++ b/backend/src/graphql/resolver/UserResolver.test.ts
@@ -97,6 +97,8 @@ jest.mock('@/apis/KlicktippController', () => {
 }
 })
+CONFIG.EMAIL_CODE_REQUEST_TIME = 10
+
 let admin: User
 let user: User
 let mutate: ApolloServerTestClient['mutate'],
@@ -1548,11 +1550,9 @@ describe('UserResolver', () => {
 expect(bibi).toEqual(
 expect.objectContaining({
- password: Buffer.from(
- (await SecretKeyCryptographyCreateKey(bibi.gradidoID.toString(), 'Aa12345_'))[0],
- )
- .readBigUInt64LE()
- .toString(),
+ password: (
+ await SecretKeyCryptographyCreateKey(bibi.gradidoID.toString(), 'Aa12345_')
+ ).toString(),
 passwordEncryptionType: PasswordEncryptionType.GRADIDO_ID,
 }),
 )
@@ -1574,9 +1574,7 @@ describe('UserResolver', () => {
 })
 bibi = usercontact.user
 bibi.passwordEncryptionType = PasswordEncryptionType.EMAIL
- bibi.password = Buffer.from(
- (await SecretKeyCryptographyCreateKey('bibi@bloxberg.de', 'Aa12345_'))[0],
- ).readBigUInt64LE()
+ bibi.password = await SecretKeyCryptographyCreateKey('bibi@bloxberg.de', 'Aa12345_')
 await bibi.save()
 })
@@ -1593,11 +1591,9 @@ describe('UserResolver', () => {
 expect(bibi).toEqual(
 expect.objectContaining({
 firstName: 'Bibi',
- password: Buffer.from(
- (await SecretKeyCryptographyCreateKey(bibi.gradidoID.toString(), 'Aa12345_'))[0],
- )
- .readBigUInt64LE()
- .toString(),
+ password: (
+ await SecretKeyCryptographyCreateKey(bibi.gradidoID.toString(), 'Aa12345_')
+ ).toString(),
 passwordEncryptionType: PasswordEncryptionType.GRADIDO_ID,
 }),
 )
diff --git a/backend/src/password/EncryptionWorker.ts b/backend/src/password/EncryptionWorker.ts
index 506a42c1e..f14d5d1ff 100644
--- a/backend/src/password/EncryptionWorker.ts
+++ b/backend/src/password/EncryptionWorker.ts
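Review bot: The module-level `CONFIG.EMAIL_CODE_REQUEST_TIME = 10` added in the `@@ -97,6` hunk changes what looks like a request-throttle setting for every test in this file, with no comment and no restore. It is unrelated to the return-type change in the rest of the commit, so a reader cannot tell which tests rely on it. A one-line comment stating which cases need the fixed window would be enough; setting the value in `beforeAll` and putting the previous value back in `afterAll` would also keep the override from leaking if the config module is ever shared between suites.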
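Review bot: The expected `password` in the `@@ -1548,11` hunk (and again in `@@ -1593,11`) is produced by calling `SecretKeyCryptographyCreateKey`, the same function the code under test calls, so the assertion shows that the GRADIDO_ID salt was used but not that the hash value itself is unchanged. This commit moves the `readBigUInt64LE()` conversion into the worker; a slip there (different byte order or slice) would still pass these tests while no longer matching hashes already stored. One known-answer assertion with a value recorded from the pre-change build under the test config would close that gap, e.g. `expect(await SecretKeyCryptographyCreateKey('bibi@bloxberg.de', 'Aa12345_')).toBe(RECORDED_HASH_PLACEHOLDER)`.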
@@ -20,7 +20,7 @@ export const SecretKeyCryptographyCreateKey = (
 password: string,
 configLoginAppSecret: Buffer,
 configLoginServerKey: Buffer,
-): Uint8Array[] => {
+): bigint => {
 const state = Buffer.alloc(crypto_hash_sha512_STATEBYTES)
 crypto_hash_sha512_init(state)
 crypto_hash_sha512_update(state, Buffer.from(salt))
@@ -43,8 +43,7 @@ export const SecretKeyCryptographyCreateKey = (
 const encryptionKeyHash = Buffer.alloc(crypto_shorthash_BYTES)
 crypto_shorthash(encryptionKeyHash, encryptionKey, configLoginServerKey)
-
- return [new Uint8Array(encryptionKeyHash), new Uint8Array(encryptionKey)]
+ return encryptionKeyHash.readBigUInt64LE()
 }
 if (CONFIG.USE_CRYPTO_WORKER) {
diff --git a/backend/src/password/EncryptorUtils.ts b/backend/src/password/EncryptorUtils.ts
index 1f8b706a2..27432d1a3 100644
--- a/backend/src/password/EncryptorUtils.ts
+++ b/backend/src/password/EncryptorUtils.ts
@@ -46,7 +46,7 @@ export const isValidPassword = (password: string): boolean => {
 export const SecretKeyCryptographyCreateKey = async (
 salt: string,
 password: string,
-): Promise => {
+): Promise => {
 try {
 logger.trace('call worker for: SecretKeyCryptographyCreateKey')
 if (configLoginServerKey.length !== crypto_shorthash_KEYBYTES) {
@@ -56,14 +56,14 @@ export const SecretKeyCryptographyCreateKey = async (
 crypto_shorthash_KEYBYTES,
 )
 }
- let result: Promise
+ let result: Promise
 if (encryptionWorkerPool) {
 result = (await encryptionWorkerPool.exec('SecretKeyCryptographyCreateKey', [
 salt,
 password,
 configLoginAppSecret,
 configLoginServerKey,
- ])) as Promise
+ ])) as Promise
 } else {
 result = Promise.resolve(
 SecretKeyCryptographyCreateKeySync(
diff --git a/backend/src/password/PasswordEncryptor.ts b/backend/src/password/PasswordEncryptor.ts
index 1ee0a68a8..a97c29e7f 100644
--- a/backend/src/password/PasswordEncryptor.ts
+++ b/backend/src/password/PasswordEncryptor.ts
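Review bot: In the `@@ -43,8` hunk of EncryptionWorker.ts, `encryptionKey` no longer leaves the function, yet the buffer is still left intact in memory when `encryptionKeyHash.readBigUInt64LE()` is returned. Since no caller receives the key any more, it can be wiped before returning: `const hash = encryptionKeyHash.readBigUInt64LE()`, `sodium_memzero(encryptionKey)`, `return hash` — assuming the `crypto_*` functions come from sodium-native, whose import is outside the hunk. A short comment on the return saying that the value is the 64-bit keyed short hash read little-endian, and that stored hashes depend on that byte order, would also replace the explanation this commit deletes from PasswordEncryptor.ts. The function body starts and ends outside the hunk.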
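Review bot: In the `@@ -56,14` hunk of EncryptorUtils.ts, the value coming back from `encryptionWorkerPool.exec(...)` is treated as a bigint only because of the `as Promise…` assertion; after `await` it is not a promise at all, and nothing checks its runtime type. Whether a bigint survives the trip from the worker depends on the pool's transport (structured clone carries it, JSON-based process IPC does not), and the pool setup is not visible here. Because this value is stored and compared as the password hash, I would take the awaited result as `unknown` and narrow it, e.g. `if (typeof workerResult !== 'bigint') throw new Error('worker returned a non-bigint password hash')` (variable name illustrative). The function continues outside the hunk.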
@@ -5,9 +5,7 @@ import { getUserCryptographicSalt, SecretKeyCryptographyCreateKey } from './Encr
 export const encryptPassword = async (dbUser: User, password: string): Promise => {
 const salt = getUserCryptographicSalt(dbUser)
- const keyBuffer: Uint8Array[] = await SecretKeyCryptographyCreateKey(salt, password) // returns Uint8Array[short hash, long hash]
- const passwordHash = Buffer.from(keyBuffer[0]).readBigUInt64LE()
- return passwordHash
+ return SecretKeyCryptographyCreateKey(salt, password)
 }
 export const verifyPassword = async (dbUser: User, password: string): Promise => {
diff --git a/backend/src/password/__mocks__/EncryptorUtils.ts b/backend/src/password/__mocks__/EncryptorUtils.ts
index b406f1b1c..fcd3ff601 100644
--- a/backend/src/password/__mocks__/EncryptorUtils.ts
+++ b/backend/src/password/__mocks__/EncryptorUtils.ts
@@ -29,7 +29,7 @@ const SecretKeyCryptographyCreateKeyMock = (
 password: string,
 configLoginAppSecret: Buffer,
 configLoginServerKey: Buffer,
-): Uint8Array[] => {
+): bigint => {
 const state = Buffer.alloc(crypto_hash_sha512_STATEBYTES)
 crypto_hash_sha512_init(state)
 crypto_hash_sha512_update(state, Buffer.from(salt))
@@ -53,7 +53,7 @@ const SecretKeyCryptographyCreateKeyMock = (
 const encryptionKeyHash = Buffer.alloc(crypto_shorthash_BYTES)
 crypto_shorthash(encryptionKeyHash, encryptionKey, configLoginServerKey)
- return [new Uint8Array(encryptionKeyHash), new Uint8Array(encryptionKey)]
+ return encryptionKeyHash.readBigUInt64LE()
 }
 const configLoginAppSecret = Buffer.from(CONFIG.LOGIN_APP_SECRET, 'hex')
@@ -72,7 +72,7 @@ export const isValidPassword = (password: string): boolean => {
 export const SecretKeyCryptographyCreateKey = async (
 salt: string,
 password: string,
-): Promise => {
+): Promise => {
 try {
 logger.trace('call worker for: SecretKeyCryptographyCreateKey')
 if (configLoginServerKey.length !== crypto_shorthash_KEYBYTES) {
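Review bot: `encryptPassword` in PasswordEncryptor.ts is left with no explanation of what it returns, because the only comment (`// returns Uint8Array[short hash, long hash]`) went away with the removed lines. A TSDoc block on the function should state that the result is the 64-bit short hash of the key derived from the user's salt and the password, that this is the value stored in the user's `password` field (as the test setup in this commit does), and that the derived key itself is no longer handed to callers. The name says "encrypt" while the value is a one-way hash, which is worth spelling out in the same comment.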
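Review bot: `SecretKeyCryptographyCreateKeyMock` in `__mocks__/EncryptorUtils.ts` repeats the worker's derivation line for line, as the identical edits at `@@ -29,7` and `@@ -53,7` show, so every change to the real function has to be made a second time by hand. If the two copies drift, the resolver tests keep passing against the mock while production computes different hashes. If the mock exists only to avoid the worker pool, consider having it call the synchronous implementation from EncryptionWorker.ts instead of carrying a copy; if it is deliberately cheaper (for example lower work factors, which these hunks do not show), a comment at the top of the mock saying so would help.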