hedgedoc

1227 commits 36 branches 47 tags 158 MiB

Author	SHA1	Message	Date
David Mehren	b4a65b47f0	fix(auth): use sha-512 for auth tokens Bcrypt hashes are too slow to be validated on every request. As our tokens are random and have a fixed length, it is reasonable to use SHA-512 instead. SHA-512 is recommended as cryptographically strong by the BSI: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile Fixes https://github.com/hedgedoc/hedgedoc/issues/1881 Signed-off-by: David Mehren <git@herrmehren.de>	2021-12-09 23:04:00 +01:00
David Mehren	1cc797f13d	Separate private and public API in TestSetup Including both PublicApiModule and PrivateApiModule in the test setup lead to the API routes overwriting each other. This adds a router to separate the APIs as they are in the normal app. Signed-off-by: David Mehren <git@herrmehren.de>	2021-10-15 16:44:43 +02:00

Author

SHA1

Message

Date

David Mehren

b4a65b47f0

fix(auth): use sha-512 for auth tokens

Bcrypt hashes are too slow to be validated on every request.
As our tokens are random and have a fixed length, it is reasonable
to use SHA-512 instead.

SHA-512 is recommended as cryptographically strong by the BSI:
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile

Fixes https://github.com/hedgedoc/hedgedoc/issues/1881

Signed-off-by: David Mehren <git@herrmehren.de>

2021-12-09 23:04:00 +01:00

David Mehren

1cc797f13d

Separate private and public API in TestSetup

Including both PublicApiModule and PrivateApiModule in the test setup
lead to the API routes overwriting each other.
This adds a router to separate the APIs as they are in the normal app.

Signed-off-by: David Mehren <git@herrmehren.de>

2021-10-15 16:44:43 +02:00

Renamed from test/public-api/tokens.e2e-spec.ts (Browse further)

2 commits