From 8aefa058b887d1ccdd3ffb724628cf8253cbff30 Mon Sep 17 00:00:00 2001
From: Jakob Ackermann
Date: Wed, 13 Sep 2023 16:13:33 +0200
Subject: [PATCH] Merge pull request #14825 from overleaf/jpa-debug-bcrypt-get-rounds
[web] add debug logging for bcrypt.getRounds calls
GitOrigin-RevId: 3fe8dca1d188f4e65d666da19f4bd4697623b7a6
---
 .../Authentication/AuthenticationManager.js | 34 ++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/services/web/app/src/Features/Authentication/AuthenticationManager.js b/services/web/app/src/Features/Authentication/AuthenticationManager.js
index 275b028413..665cb80cc8 100644
--- a/services/web/app/src/Features/Authentication/AuthenticationManager.js
+++ b/services/web/app/src/Features/Authentication/AuthenticationManager.js
@@ -70,9 +70,41 @@ const AuthenticationManager = {
 if (!user || !user.hashedPassword) {
 return callback(null, null, null)
 }
+ let rounds = 0
+ try {
+ rounds = bcrypt.getRounds(user.hashedPassword)
+ } catch (err) {
+ let prefix, suffix, length
+ if (typeof user.hashedPassword === 'string') {
+ length = user.hashedPassword.length
+ if (user.hashedPassword.length > 50) {
+ // A full bcrypt hash is 60 characters long.
+ prefix = user.hashedPassword.slice(0, '$2a$12$x'.length)
+ suffix = user.hashedPassword.slice(-4)
+ } else if (user.hashedPassword.length > 20) {
+ prefix = user.hashedPassword.slice(0, 4)
+ suffix = user.hashedPassword.slice(-4)
+ } else {
+ prefix = user.hashedPassword.slice(0, 4)
+ }
+ }
+ logger.warn(
+ {
+ err,
+ userId: user._id,
+ hashedPassword: {
+ type: typeof user.hashedPassword,
+ length,
+ prefix,
+ suffix,
+ },
+ },
+ 'unexpected user.hashedPassword value'
+ )
+ }
 Metrics.inc('bcrypt', 1, {
 method: 'compare',
- path: bcrypt.getRounds(user.hashedPassword),
+ path: rounds,
 })
 bcrypt.compare(password, user.hashedPassword, function (error, match) {
 if (error) {
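Review bot: In the `catch` branch the sampled `prefix`/`suffix` are copied from a value that bcrypt has just refused to parse, so the log receives credential-store content of unknown format. The final `else` writes a string of four characters or fewer out in full, and the 21–50 branch writes eight characters of it. I would keep `type` and `length` and record the prefix only when it is a recognisable bcrypt header, e.g. `prefix = (/^\$2[abxy]?\$\d{2}\$/.exec(user.hashedPassword) || [])[0]`, and drop `suffix`, which in the >50 case is the tail of the digest. Separately, execution now falls through to `bcrypt.compare` with `rounds = 0`. That presumably still fails closed, but the rest of the function is outside the hunk, so it is worth confirming that a malformed hash yields a rejected login rather than an unhandled error.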