move hash update later in authenticate_user call, as session cookie must be...

move hash update later in authenticate_user call, as session cookie must be updated for bcrypt hash update to succeed.

move hash update later in authenticate_user call, as session cookie must be...
move hash update later in authenticate_user call, as session cookie must be updated for bcrypt hash update to succeed.
52255153 · Lloyd Hilaiel · 588e329a · 52255153
Commit 52255153 authored 12 years ago by Lloyd Hilaiel
--- a/lib/wsapi/authenticate_user.js
+++ b/lib/wsapi/authenticate_user.js
@@ -70,15 +70,15 @@ exports.process = function(req, res) {
                                      config.get('ephemeral_session_duration_ms')
                                      : config.get('authentication_duration_ms')
                                    }, function(err) {
-                                     if (err)
+                                      if (err)
-                                       return wsapi.databaseDown(res, err);
+                                        return wsapi.databaseDown(res, err);
-                                     res.json({ success: true, userid: uid });
+                                      res.json({ success: true, userid: uid });
+                                      // if the work factor has changed, update the hash here.  issue #204
+                                      // NOTE: this runs asynchronously and will not delay the response
+                                      if (config.get('bcrypt_work_factor') != bcrypt.getRounds(hash))
+                                        updateHash(req, res, uid, hash);
                                    });
-          // if the work factor has changed, update the hash here.  issue #204
-          // NOTE: this runs asynchronously and will not delay the response
-          if (config.get('bcrypt_work_factor') != bcrypt.getRounds(hash))
-            updateHash(req, res, uid, hash);
        }
      });
    });