Diffstat (limited to 'packages/trpc/auth.ts')
-rw-r--r--packages/trpc/auth.ts6
1 files changed, 6 insertions, 0 deletions
diff --git a/packages/trpc/auth.ts b/packages/trpc/auth.ts
index 1c3b860d..caf8e182 100644
--- a/packages/trpc/auth.ts
+++ b/packages/trpc/auth.ts
@@ -93,6 +93,12 @@ export async function validatePassword(email: string, password: string) {
});
if (!user) {
+ // Run a bcrypt comparison anyways to hide the fact of whether the user exists or not (protecting against timing attacks)
+ await bcrypt.compare(
+ password +
+ "b6bfd1e907eb40462e73986f6cd628c036dc079b101186d36d53b824af3c9d2e",
+ "a-dummy-password-that-should-never-match",
+ );
throw new Error("User not found");
}
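Review bot: The second argument to `bcrypt.compare` on the added lines is a plain string rather than a well-formed bcrypt hash, so the dummy comparison probably does not cost what a real one does. bcryptjs returns false immediately for a hash that is not 60 characters long, and the native binding skips the key-stretching work for a malformed hash, so the missing-user path likely remains measurably faster (the import is outside the hunk, so confirm which library is in use). Compare against a valid hash instead, e.g. `await bcrypt.compare(password, DUMMY_BCRYPT_HASH);`, where `DUMMY_BCRYPT_HASH` is a placeholder name for a module-level constant generated once with the same cost factor as stored user hashes. The `throw new Error("User not found")` that follows would still reveal account existence if that message reaches the client and differs from the wrong-password one. validatePassword continues outside the hunk, so check this at the caller.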