groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

GRO-1636: fix scrypt keylen=64 and add email+password UAT test cases
CI / Test (pull_request) Successful in 25s
Details
CI / E2E Tests (pull_request) Failing after 48s
Details
CI / Build (pull_request) Successful in 24s
Details
CI / Lint & Typecheck (pull_request) Successful in 23s
Details
CI / Build & Push Docker Images (pull_request) Has been skipped
Details
CI / Update Infra Image Tags (pull_request) Has been skipped
Details
CI / Web E2E (Dev) (pull_request) Has been cancelled
Details
CI / Deploy PR to groombook-dev (pull_request) Has been cancelled
Details

Browse Source 
1. Fix scrypt keylen: positional arg is output key length, not N cost.
   Correct call: scrypt(pass, salt, 64, {N:16384, r:8, p:1})
   This produces a 64-byte key matching Better Auth's expected format.

2. Update UAT_PLAYBOOK.md §4.1 with 6 new email+password login test
   cases covering all 4 UAT personas (super, groomer, customer, tester),
   renumbered session/logout/RBAC tests, and a reset-cycle survival test.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Flea Flicker
2026-05-23 20:41:30 +00:00
parent 4ec2885b09
commit 964c63bbdf
2 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/db/src/seed.ts
+3 -3
View File
@@ -512,7 +512,7 @@ async function seedKnownUsers() {
// ── Better Auth credential accounts for UAT personas ─────────────────────
// Creates user + account rows so UAT personas can email+password login.
// Uses the same scrypt config as better-auth (N=16384, r=8, p=1, dkLen=64).
// Uses the same scrypt config as better-auth (keylen=64, N=16384, r=8, p=1).
const uatCredAccounts: Array<{ email: string; passwordEnvKey: string; staffId: string }> = [
{ email: "uat-super@groombook.dev", passwordEnvKey: "SEED_UAT_SUPER_PASSWORD", staffId: "00000000-0000-0000-0000-000000000003" },
{ email: "uat-groomer@groombook.dev", passwordEnvKey: "SEED_UAT_GROOMER_PASSWORD", staffId: "00000000-0000-0000-0000-000000000004" },
@@ -539,12 +539,12 @@ async function seedKnownUsers() {
userId = existingUser.id;
console.log(`✓ Better Auth user '${acct.email}' already exists — skipping`);
} else {
// Hash with same scrypt params as better-auth: N=16384, r=8, p=1, dkLen=64
// Hash with same scrypt params as better-auth: keylen=64, N=16384, r=8, p=1
// Use Promise-based scrypt API (callback pattern, wrapped in Promise)
const salt = randomBytes(16);
const key = await new Promise<Buffer>((resolve, reject) => {
// eslint-disable-next-line @typescript-eslint/no-explicit-any
scrypt(password.normalize("NFKC"), salt, 16384, { r: 8, p: 1, dkLen: 64 } as any, (err: Error | null, derivedKey: Buffer) => {
scrypt(password.normalize("NFKC"), salt, 64, { N: 16384, r: 8, p: 1 } as any, (err: Error | null, derivedKey: Buffer) => {
if (err) reject(err);
else resolve(derivedKey);
});