From 2374939ffb551ab2929d7f9d5827fe6597fa8caa Mon Sep 17 00:00:00 2001
From: timothycarambat <rambat1010@gmail.com>
Date: Fri, 29 Mar 2024 11:47:30 -0700
Subject: [PATCH] security: patch primsa expansion on token request

---
 server/endpoints/system.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/endpoints/system.js b/server/endpoints/system.js
index 901276810..2e0eda844 100644
--- a/server/endpoints/system.js
+++ b/server/endpoints/system.js
@@ -105,7 +105,7 @@ function systemEndpoints(app) {
 
       if (await SystemSettings.isMultiUserMode()) {
         const { username, password } = reqBody(request);
-        const existingUser = await User.get({ username });
+        const existingUser = await User.get({ username: String(username) });
 
         if (!existingUser) {
           await EventLogs.logEvent(
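Review bot: `String(username)` on the new lookup line coerces malformed input instead of rejecting it, so a request with no username is looked up as the literal user `"undefined"` and an object body becomes `"[object Object]"`. The coercion does keep a filter object out of `User.get`, but an explicit guard before the lookup is stricter and easier to audit, for example `if (typeof username !== "string" || typeof password !== "string")` followed by the handler's existing invalid-credentials response. The same applies to `String(password)` in the second hunk. The `EventLogs.logEvent` call continues past the end of this hunk, so whether it records the raw `username` cannot be checked here; if it does, it should record the validated string rather than the request value.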
@@ -125,7 +125,7 @@ function systemEndpoints(app) {
           return;
         }
 
-        if (!bcrypt.compareSync(password, existingUser.password)) {
+        if (!bcrypt.compareSync(String(password), existingUser.password)) {
           await EventLogs.logEvent(
             "failed_login_invalid_password",
             {
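Review bot: `bcrypt.compareSync` on the changed line runs the hash comparison synchronously inside an async handler, so every login attempt holds the event loop for the full bcrypt cost and concurrent attempts delay all other requests. The handler already awaits other calls, so `if (!(await bcrypt.compare(String(password), existingUser.password))) {` performs the same check without blocking for the whole comparison. Rate limiting on this unauthenticated route is not visible in the hunk and is worth confirming. The enclosing handler starts and ends outside the hunk.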
-- 
GitLab