From 522551539c4f6f4b30dd6daea04ab3bd2b765050 Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Fri, 10 Aug 2012 18:08:50 -0600
Subject: [PATCH] move hash update later in authenticate_user call, as session
 cookie must be updated for bcrypt hash update to succeed.

---
 lib/wsapi/authenticate_user.js | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/lib/wsapi/authenticate_user.js b/lib/wsapi/authenticate_user.js
index e867e8df4..54ee33e9b 100644
--- a/lib/wsapi/authenticate_user.js
+++ b/lib/wsapi/authenticate_user.js
@@ -70,15 +70,15 @@ exports.process = function(req, res) {
                                       config.get('ephemeral_session_duration_ms')
                                       : config.get('authentication_duration_ms')
                                     }, function(err) {
-                                     if (err)
-                                       return wsapi.databaseDown(res, err);
-                                     res.json({ success: true, userid: uid });
+                                      if (err)
+                                        return wsapi.databaseDown(res, err);
+                                      res.json({ success: true, userid: uid });
+
+                                      // if the work factor has changed, update the hash here.  issue #204
+                                      // NOTE: this runs asynchronously and will not delay the response
+                                      if (config.get('bcrypt_work_factor') != bcrypt.getRounds(hash))
+                                        updateHash(req, res, uid, hash);
                                     });
-
-          // if the work factor has changed, update the hash here.  issue #204
-          // NOTE: this runs asynchronously and will not delay the response
-          if (config.get('bcrypt_work_factor') != bcrypt.getRounds(hash))
-            updateHash(req, res, uid, hash);
         }
       });
     });
-- 
GitLab