firebase-admin-node
firebase-admin-node copied to clipboard
firebase
Invalid hash rounds for round = 0 and for algorithms PBKDF_SHA1 / PBKDF2_SHA256
Describe your environment
- Operating System version: macOS Big Sur v11.2.3
- Firebase SDK version: 9.6.0
- Firebase Product: auth
- Node.js version: 15.14.0
- NPM version: 7.9.0
Describe the problem
Steps to reproduce:
At function admin.auth().importUsers(), set hash options to "algorithm" PBKDF_SHA1 or PBKDF2_SHA256 and "rounds" equals to 0. Rounds value equals to zero is being considered invalid. Documentation states that values between 0 and 120000 are possible.
Server returning this error:
errorInfo: {
code: 'auth/internal-error',
message: 'An internal error has occurred. Raw server response: "{"error":{"code":400,"message":"INVALID_HASH_ROUNDS","errors":[{"message":"INVALID_HASH_ROUNDS","domain":"global","reason":"invalid"}]}}"'
},
codePrefix: 'auth'
Relevant Code:
admin
.auth()
.importUsers(
[
{
uid: 'some-uid',
email: '[email protected]',
// Must be provided in a byte buffer.
passwordHash: Buffer.from('password-hash'),
// Must be provided in a byte buffer.
passwordSalt: Buffer.from('salt'),
},
],
{
hash: {
algorithm: 'PBKDF2_SHA256',
rounds: 0,
},
}
)
.then((results) => {
results.errors.forEach((indexedError) => {
console.log(`Error importing user ${indexedError.index}`);
});
})
.catch((error) => {
console.log('Error importing users :', error);
});
Hmm, after some investigation, our backend does not support zero rounds values. Unfortunately, this was copied from the CLI implementation. We will need to make some changes to reflect this. I don't believe a 0 value is used in practice which may explain why this did not surface until now.
