Adapt Elastic error logs (no more flood) and prevent any number param…

… in bcrypt hash
OpenCTI-Platform · Sep 5, 2019 · 49eed88 · 49eed88
1 parent a115bb8
commit 49eed88
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/opencti-platform/opencti-graphql/src/database/elasticSearch.js b/opencti-platform/opencti-graphql/src/database/elasticSearch.js
@@ -401,7 +401,10 @@ export const getAttributes = (indexName, id) => {
       return data.body._source;
     })
     .catch(e => {
-      logger.error(`[ELASTICSEARCH] getAttributes > error getting ${id}`, e);
+      if (e.meta.statusCode !== 404) {
+        // If another error than not found.
+        logger.error(`[ELASTICSEARCH] getAttributes > error getting ${id}`, e);
+      }
       return null;
     });
 };
diff --git a/opencti-platform/opencti-graphql/src/domain/user.js b/opencti-platform/opencti-graphql/src/domain/user.js
@@ -169,7 +169,7 @@ export const addUser = async (
     has email "${escapeString(newUser.email)}",
     ${
       newUser.password
-        ? `has password "${bcrypt.hashSync(newUser.password)}",`
+        ? `has password "${bcrypt.hashSync(newUser.password.toString())}",`
         : ''
     }
     has firstname "${escapeString(newUser.firstname)}",
@@ -332,7 +332,9 @@ export const meEditField = (user, userId, input) => {
     throw new ForbiddenAccess();
   }
   const value =
-    key === 'password' ? [bcrypt.hashSync(head(input.value), 10)] : input.value;
+    key === 'password'
+      ? [bcrypt.hashSync(head(input.value).toString(), 10)]
+      : input.value;
   const finalInput = { key, value };
   return updateAttribute(userId, finalInput).then(userToEdit => {
     return notify(BUS_TOPICS.StixDomainEntity.EDIT_TOPIC, userToEdit, user);