Fixed error on start up when password is numeric

closes: TryGhost/Ghost#16918 and TryGhost/Ghost#18968 - converted password to String before updating Hash - added test case to cover it
2024-01-02 22:35:41 -03:00 · 2024-01-02 22:35:41 -03:00 · e620e2c282
commit e620e2c282
parent af1551bf8f
2 changed files with 17 additions and 1 deletions
--- a/ghost/security/lib/tokens.js
+++ b/ghost/security/lib/tokens.js
@ -45,7 +45,7 @@ module.exports.resetToken = {

        hash.update(String(expires));
        hash.update(email.toLocaleLowerCase());
-        hash.update(password);
+        hash.update(String(password));
        hash.update(String(dbHash));

        text += [expires, email, hash.digest('base64')].join('|');
--- a/ghost/security/test/tokens.test.js
+++ b/ghost/security/test/tokens.test.js
@ -20,6 +20,22 @@ describe('Utils: tokens', function () {
        token.length.should.be.above(0);
    });

+    it('generate allow numeric password', function () {
+        const expires = Date.now() + 60 * 1000;
+        const dbHash = uuid.v4();
+        let token;
+
+        token = security.tokens.resetToken.generateHash({
+            email: 'test1@ghost.org',
+            expires: expires,
+            password: 123456,
+            dbHash: dbHash
+        });
+
+        should.exist(token);
+        token.length.should.be.above(0);
+    });
+
    it('compare: success', function () {
        const expires = Date.now() + 60 * 1000;
        const dbHash = uuid.v4();