fix: Add password salt to the user table

author: Mohamed Bassem <me@mbassem.com> 2025-04-15 19:36:51 +0000
committer: Mohamed Bassem <me@mbassem.com> 2025-04-15 19:36:51 +0000
commit: 7e39afa29f1674df4cac51c7894181f55f66aa12 (patch)
tree: 55caff2f4d14e222a2d9c2b63157d28a438a96e7 /packages/trpc/routers/admin.ts
parent: d7244978e9e99ca20b99a9f751b1bfef77810e94 (diff)
download: karakeep-7e39afa29f1674df4cac51c7894181f55f66aa12.tar.zst
1 files changed, 4 insertions, 3 deletions
diff --git a/packages/trpc/routers/admin.ts b/packages/trpc/routers/admin.ts
index 9b44f7c9..85869ba8 100644
--- a/packages/trpc/routers/admin.ts
+++ b/packages/trpc/routers/admin.ts
@@ -22,7 +22,7 @@ import {
   zAdminCreateUserSchema,
 } from "@karakeep/shared/types/admin";
 
-import { hashPassword } from "../auth";
+import { generatePasswordSalt, hashPassword } from "../auth";
 import { adminProcedure, router } from "../index";
 import { createUser } from "./users";
 
@@ -338,10 +338,11 @@ export const adminAppRouter = router({
           message: "Cannot reset own password",
         });
       }
-      const hashedPassword = await hashPassword(input.newPassword);
+      const newSalt = generatePasswordSalt();
+      const hashedPassword = await hashPassword(input.newPassword, newSalt);
       const result = await ctx.db
         .update(users)
-        .set({ password: hashedPassword })
+        .set({ password: hashedPassword, salt: newSalt })
         .where(eq(users.id, input.userId));
 
       if (result.changes == 0) {
author	Mohamed Bassem <me@mbassem.com>	2025-04-15 19:36:51 +0000
committer	Mohamed Bassem <me@mbassem.com>	2025-04-15 19:36:51 +0000
commit	7e39afa29f1674df4cac51c7894181f55f66aa12 (patch)
tree	55caff2f4d14e222a2d9c2b63157d28a438a96e7 /packages/trpc/routers/admin.ts
parent	d7244978e9e99ca20b99a9f751b1bfef77810e94 (diff)
download	karakeep-7e39afa29f1674df4cac51c7894181f55f66aa12.tar.zst