Skip to content
Snippets Groups Projects
Commit 719ac966 authored by Brian Warner's avatar Brian Warner Committed by Lloyd Hilaiel
Browse files

authenticate_user: factor out updateHash code

After the user is authenticated, we might update the hashed password if
the bcrypt work factor has been changed. To simplify the code in
preparation for later changes, this patch extracts the updateHash() code
out to a separate function.

Note that this function must run *after* the `res.json()` call for two
reasons. The first is to avoid slowing down the client (send answer
first, do work later). The second is to get the right session cookie
into the POST that we send to ourselves (to /wsapi/update_password) that
does the actual hash updated. The session is updated in
wsapi.authenticateSession, but the cookie isn't regenerated until the
call to `res.json()`, and the POST is sneakily grabbing the cookie out
of the response's Set-Cookie header to copy into the request-to-self.
parent b473c4dd
No related branches found
No related tags found
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment