]> Piment Noir Git Repositories - e-mobility-charging-stations-simulator.git/commitdiff
fix(ui-server): use timing-safe credential comparison
authorJérôme Benoit <jerome.benoit@sap.com>
Wed, 11 Feb 2026 15:42:24 +0000 (16:42 +0100)
committerJérôme Benoit <jerome.benoit@sap.com>
Thu, 12 Feb 2026 17:49:17 +0000 (18:49 +0100)
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
src/charging-station/ui-server/AbstractUIServer.ts

index 312a97c4aab93dc8146a9f8e55528a0c5673fe5a..f9d2aa0dff0378864d1eadf0c0001134f17d1e83 100644 (file)
@@ -23,6 +23,7 @@ import {
 import { isEmpty, logger } from '../../utils/index.js'
 import { UIServiceFactory } from './ui-services/UIServiceFactory.js'
 import { getUsernameAndPasswordFromAuthorizationToken } from './UIServerUtils.js'
+import { isValidCredential } from './UIServerSecurity.js'
 
 const moduleName = 'AbstractUIServer'
 
@@ -226,8 +227,8 @@ export abstract class AbstractUIServer {
 
   private isValidUsernameAndPassword (username: string, password: string): boolean {
     return (
-      this.uiServerConfiguration.authentication?.username === username &&
-      this.uiServerConfiguration.authentication.password === password
+      isValidCredential(username, this.uiServerConfiguration.authentication?.username ?? '') &&
+      isValidCredential(password, this.uiServerConfiguration.authentication?.password ?? '')
     )
   }
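Review bot: The `?? ''` fallbacks on the two added lines make the result depend on how `isValidCredential` treats an empty expected value when `authentication` or one of its fields is unset: the removed `===` comparison could never match a string against `undefined`, whereas the new code compares the supplied value with `''`. `isValidCredential` is not visible in this diff, so unless it rejects an empty expected value, an empty username and password could now be accepted; returning `false` before any comparison when no credentials are configured keeps the previous fail-closed behaviour. Separately, `&&` short-circuits, so the password comparison runs only after the username has matched, and response time can still distinguish a valid username from an invalid one. Evaluating both comparisons before combining them removes that difference, as sketched below.

```typescript
  private isValidUsernameAndPassword (username: string, password: string): boolean {
    const configured = this.uiServerConfiguration.authentication
    // Fail closed: with no configured credentials nothing may authenticate.
    if (configured?.username == null || configured.password == null) {
      return false
    }
    // Run both comparisons unconditionally so timing does not reveal which field failed.
    const usernameMatches = isValidCredential(username, configured.username)
    const passwordMatches = isValidCredential(password, configured.password)
    return usernameMatches && passwordMatches
  }
```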