feat: check for empty str in isHashMatch

coder · Jun 8, 2021 · 4e074f8 · 4e074f8
1 parent 3b50bfc
commit 4e074f8
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 2 deletions.
diff --git a/src/node/cli.ts b/src/node/cli.ts
@@ -263,6 +263,7 @@ export const parse = (
     if (opts?.configFile) {
       msg = `error reading ${opts.configFile}: ${msg}`
     }
+
     return new Error(msg)
   }
 
@@ -286,6 +287,13 @@ export const parse = (
         const split = splitOnFirstEquals(arg.replace(/^--/, ""))
         key = split[0] as keyof Args
         value = split[1]
+      } else {
+        const short = arg.replace(/^-/, "")
+        const pair = Object.entries(options).find(([, v]) => v.short === short)
+        if (pair) {
+          key = pair[0] as keyof Args
+        }
+      }
 
       if (!key || !options[key]) {
         throw error(`Unknown option ${arg}`)

diff --git a/src/node/util.ts b/src/node/util.ts
@@ -134,6 +134,9 @@ export const hash = async (password: string): Promise<string> => {
  * Used to verify if the password matches the hash
  */
 export const isHashMatch = async (password: string, hash: string) => {
+  if (password === "" || hash === "") {
+    return false
+  }
   try {
     return await argon2.verify(hash, password)
   } catch (error) {

diff --git a/test/unit/node/util.test.ts b/test/unit/node/util.test.ts
@@ -185,6 +185,18 @@ describe("isHashMatch", () => {
     const actual = await isHashMatch(password, _hash)
     expect(actual).toBe(true)
   })
+  it("should return false if the password is empty", async () => {
+    const password = ""
+    const _hash = "$argon2i$v=19$m=4096,t=3,p=1$EAoczTxVki21JDfIZpTUxg$rkXgyrW4RDGoDYrxBFD4H2DlSMEhP4h+Api1hXnGnFY"
+    const actual = await isHashMatch(password, _hash)
+    expect(actual).toBe(false)
+  })
+  it("should return false if the hash is empty", async () => {
+    const password = "hellowpasssword"
+    const _hash = ""
+    const actual = await isHashMatch(password, _hash)
+    expect(actual).toBe(false)
+  })
 })
 
 describe("hashLegacy", () => {
@@ -325,7 +337,7 @@ describe("handlePasswordValidation", () => {
   })
 })
 
-describe.only("isCookieValid", () => {
+describe("isCookieValid", () => {
   it("should be valid if hashed-password for SHA256 matches cookie.key", async () => {
     const isValid = await isCookieValid({
       passwordMethod: "SHA256",
@@ -384,7 +396,7 @@ describe.only("isCookieValid", () => {
   })
 })
 
-describe.only("sanitizeString", () => {
+describe("sanitizeString", () => {
   it("should return an empty string if passed a type other than a string", () => {
     expect(sanitizeString({} as string)).toBe("")
   })