fix: Use safeEqual in VerificationCode verify method (#9915)

Tom Moor
2025-08-13 22:45:11 -04:00
committed by GitHub
parent e8046f0d2f
commit 23106bfce8


@@ -1,6 +1,7 @@
import { randomInt } from "crypto";
import { Minute } from "@shared/utils/time";
import Redis from "@server/storage/redis";
import { safeEqual } from "./crypto";
/**
* This class manages verification codes for email authentication.
@@ -53,9 +54,9 @@ export class VerificationCode {
* @param email The email address associated with the code
* @returns Promise resolving to the code or null if not found
*/
public static async retrieve(email: string): Promise<string | null> {
public static async retrieve(email: string): Promise<string | undefined> {
const key = this.getKey(email);
return await this.redis.get(key);
return (await this.redis.get(key)) ?? undefined;
}
/**
@@ -67,7 +68,7 @@ export class VerificationCode {
*/
public static async verify(email: string, code: string): Promise<boolean> {
const storedCode = await this.retrieve(email);
return storedCode === code;
return safeEqual(storedCode, code);
}
/**
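Review bot: In `verify`, `storedCode` is now `string | undefined`, so the result for an expired or never-issued code depends entirely on how `safeEqual` treats an undefined argument, and `safeEqual` lives in `./crypto`, which this diff does not show. I would state the fail-closed expectation at the call site with a comment such as `// safeEqual must return false when storedCode is undefined (no code issued, or expired)`. I would also add a unit test asserting that `verify` returns false when nothing is stored for the email and when `code` is an empty string. Separately, the `@returns` line above `retrieve` still says "or null if not found" although the method now resolves to `undefined`; it should read `@returns Promise resolving to the code or undefined if not found`. Because `retrieve` is public, any caller that checks `=== null` would need the same update; those callers are not visible here.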