fix: passwords are correctly checked (#1481)

src/app/core/session/session-service/local-session.ts

@@ -50,9 +50,7 @@ export class LocalSession extends SessionService {
    * @param password Password
    */
   public async login(username: string, password: string): Promise<LoginState> {
-    const user: LocalUser = JSON.parse(
-      window.localStorage.getItem(username.trim().toLowerCase())
-    );
+    const user = this.getStoredUser(username);
     if (user) {
       if (passwordEqualsEncrypted(password, user.encryptedPassword)) {
         await this.handleSuccessfulLogin(user);
@@ -65,6 +63,11 @@ export class LocalSession extends SessionService {
     return this.loginState.value;
   }
 
+  private getStoredUser(username: string): LocalUser {
+    const stored = window.localStorage.getItem(username.trim().toLowerCase());
+    return JSON.parse(stored);
+  }
+
   public async handleSuccessfulLogin(userObject: DatabaseUser) {
     this.currentDBUser = userObject;
     await this.initializeDatabaseForCurrentUser();
@@ -142,7 +145,7 @@ export class LocalSession extends SessionService {
   }
 
   public checkPassword(username: string, password: string): boolean {
-    const user: LocalUser = JSON.parse(window.localStorage.getItem(username));
+    const user = this.getStoredUser(username);
     return user && passwordEqualsEncrypted(password, user.encryptedPassword);
   }
 

src/app/core/session/session-service/synced-session.service.spec.ts

@@ -263,6 +263,13 @@ describe("SyncedSessionService", () => {
     localStorage.removeItem("[email protected]");
   });
 
+  it("should correctly check the password", () => {
+    localSession.saveUser({ name: "TestUser", roles: [] }, TEST_PASSWORD);
+
+    expect(sessionService.checkPassword("TestUser", TEST_PASSWORD)).toBeTrue();
+    expect(sessionService.checkPassword("TestUser", "wrongPW")).toBeFalse();
+  });
+
   testSessionServiceImplementation(() => Promise.resolve(sessionService));
 
   function passRemoteLogin(response: DatabaseUser = { name: "", roles: [] }) {