|
@@ -1,3 +1,5 @@
|
|
|
|
|
+const bcrypt = require('bcryptjs-then')
|
|
|
|
|
+
|
|
|
/* global WIKI */
|
|
/* global WIKI */
|
|
|
|
|
|
|
|
// ------------------------------------
|
|
// ------------------------------------
|
|
@@ -28,6 +30,9 @@ module.exports = {
|
|
|
done(null, user)
|
|
done(null, user)
|
|
|
}
|
|
}
|
|
|
} else {
|
|
} else {
|
|
|
|
|
+ // Fake verify password to mask timing differences
|
|
|
|
|
+ await bcrypt.compare((Math.random() + 1).toString(36), '$2a$12$irXbAcQSY59pcQQfNQpY8uyhfSw48nzDikAmr60drI501nR.PuBx2')
|
|
|
|
|
+
|
|
|
done(new WIKI.Error.AuthLoginFailed(), null)
|
|
done(new WIKI.Error.AuthLoginFailed(), null)
|
|
|
}
|
|
}
|
|
|
} catch (err) {
|
|
} catch (err) {
|
NGPixel