
Commit 0974e06

committed
feat: add isCookieValid function and tests
1 parent a8ded7e commit 0974e06


2 files changed

+86
-1
lines changed


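--- a/src/node/util.ts
+++ b/src/node/util.ts
@@ -249,6 +249,31 @@ export async function handlePasswordValidation(
 return passwordValidation
 }
 
+export type IsCookieValidArgs = {
+passwordMethod: PasswordMethod
+cookieKey: string
+hashedPasswordFromArgs: string | undefined
+passwordFromArgs: string | undefined
+}
+
+/** Checks if a req.cookies.key is valid using the PasswordMethod */
+export async function isCookieValid(isCookieValidArgs: IsCookieValidArgs): Promise<boolean> {
+let isValid = false
+const { passwordFromArgs = "", cookieKey, hashedPasswordFromArgs = "" } = isCookieValidArgs
+switch (isCookieValidArgs.passwordMethod) {
+case "PLAIN_TEXT":
+isValid = await isHashMatch(passwordFromArgs, cookieKey)
+break
+case "ARGON2":
+case "SHA256":
+isValid = safeCompare(cookieKey, hashedPasswordFromArgs)
+break
+default:
+break
+}
+return isValid
+}
+
 const mimeTypes: { [key: string]: string } = {
 ".aac": "audio/x-aac",
 ".avi": "video/x-msvideo",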
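Review bot: `isCookieValid` substitutes `""` for an undefined `passwordFromArgs` or `hashedPasswordFromArgs` in its destructuring line, so when the credential for the selected method was never configured the check still runs as `isHashMatch("", cookieKey)` or `safeCompare(cookieKey, "")`. Both helpers are defined outside this hunk, so whether an empty or unexpected cookie value can then compare as valid is not visible here, but an authentication decision should not rest on that. I would fail closed before the switch with `if (!cookieKey) return false` and, in each case, return false when the credential that case needs is undefined instead of defaulting it. The doc comment could also state that in the ARGON2 and SHA256 cases the cookie is compared directly with the configured hash, which makes that hash equivalent to a session credential and worth protecting as one.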

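--- a/test/unit/node/util.test.ts
+++ b/test/unit/node/util.test.ts
@@ -6,6 +6,7 @@ import {
 getPasswordMethod,
 hashLegacy,
 isHashLegacyMatch,
+isCookieValid,
 } from "../../../src/node/util"
 
 describe("getEnvPaths", () => {
@@ -234,7 +235,7 @@ describe("getPasswordMethod", () => {
 })
 })
 
-describe.only("handlePasswordValidation", () => {
+describe("handlePasswordValidation", () => {
 it("should return true with a hashedPassword for a PLAIN_TEXT password", async () => {
 const p = "password"
 const passwordValidation = await handlePasswordValidation({
@@ -322,3 +323,62 @@ describe.only("handlePasswordValidation", () => {
 expect(matchesHash).toBe(false)
 })
 })
+
+describe.only("isCookieValid", () => {
+it("should be valid if hashed-password for SHA256 matches cookie.key", async () => {
+const isValid = await isCookieValid({
+passwordMethod: "SHA256",
+cookieKey: "936a185caaa266bb9cbe981e9e05cb78cd732b0b3280eb944412bb6f8f8f07af",
+hashedPasswordFromArgs: "936a185caaa266bb9cbe981e9e05cb78cd732b0b3280eb944412bb6f8f8f07af",
+passwordFromArgs: undefined,
+})
+expect(isValid).toBe(true)
+})
+it("should be invalid if hashed-password for SHA256 does not match cookie.key", async () => {
+const isValid = await isCookieValid({
+passwordMethod: "SHA256",
+cookieKey: "936a185caaa266bb9cbe981e9e05cb78cd732b0b3280eb9442bb6f8f8f07af",
+hashedPasswordFromArgs: "936a185caaa266bb9cbe981e9e05cb78cd732b0b3280eb944412bb6f8f8f07af",
+passwordFromArgs: undefined,
+})
+expect(isValid).toBe(false)
+})
+it("should be valid if hashed-password for ARGON2 matches cookie.key", async () => {
+const isValid = await isCookieValid({
+passwordMethod: "ARGON2",
+cookieKey: "$argon2i$v=19$m=4096,t=3,p=1$0qR/o+0t00hsbJFQCKSfdQ$oFcM4rL6o+B7oxpuA4qlXubypbBPsf+8L531U7P9HYY",
+hashedPasswordFromArgs:
+"$argon2i$v=19$m=4096,t=3,p=1$0qR/o+0t00hsbJFQCKSfdQ$oFcM4rL6o+B7oxpuA4qlXubypbBPsf+8L531U7P9HYY",
+passwordFromArgs: undefined,
+})
+expect(isValid).toBe(true)
+})
+it("should be invalid if hashed-password for ARGON2 does not match cookie.key", async () => {
+const isValid = await isCookieValid({
+passwordMethod: "ARGON2",
+cookieKey: "$argon2i$v=19$m=4096,t=3,p=1$0qR/o+0t00hsbJFQCKSfdQ$oFcM4rL6o+B7oxpuA4qlXubypbBPsf+8L531U7P9H",
+hashedPasswordFromArgs:
+"$argon2i$v=19$m=4096,t=3,p=1$0qR/o+0t00hsbJFQCKSfdQ$oFcM4rL6o+B7oxpuA4qlXubypbBPsf+8L531U7P9HYY",
+passwordFromArgs: undefined,
+})
+expect(isValid).toBe(false)
+})
+it("should be valid if password for PLAIN_TEXT matches cookie.key", async () => {
+const isValid = await isCookieValid({
+passwordMethod: "PLAIN_TEXT",
+cookieKey: "$argon2i$v=19$m=4096,t=3,p=1$0qR/o+0t00hsbJFQCKSfdQ$oFcM4rL6o+B7oxpuA4qlXubypbBPsf+8L531U7P9HYY",
+passwordFromArgs: "password",
+hashedPasswordFromArgs: undefined,
+})
+expect(isValid).toBe(true)
+})
+it("should be invalid if hashed-password for PLAIN_TEXT does not match cookie.key", async () => {
+const isValid = await isCookieValid({
+passwordMethod: "PLAIN_TEXT",
+cookieKey: "$argon2i$v=19$m=4096,t=3,p=1$0qR/o+0t00hsbJFQCKSfdQ$oFcM4rL6o+B7oxpuA4qlXubypbBPsf+8L531U7P9H",
+passwordFromArgs: "password1234",
+hashedPasswordFromArgs: undefined,
+})
+expect(isValid).toBe(false)
+})
+})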
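Review bot: The new suite is declared as `describe.only("isCookieValid", () => {`, so the focus marker this commit removes from `handlePasswordValidation` has only moved, and the file's other suites, including the password-validation tests, are skipped whenever it runs. It should be `describe("isCookieValid", () => {`. The suite also has no fail-closed cases: an empty `cookieKey` with both `passwordFromArgs` and `hashedPasswordFromArgs` undefined should be asserted as `false` for each password method, since the function defaults those arguments to empty strings. The last test's title says "hashed-password for PLAIN_TEXT" although it exercises `passwordFromArgs`.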
