From 075eb8b33918d48ed752b514b6c3aada7d54c944 Mon Sep 17 00:00:00 2001
From: pilcrow
Date: Sun, 28 Jan 2024 18:28:11 +0900
Subject: [PATCH] Fix `LegacyScrypt` (#1370)

---
 .auri/$e3mj84c4.md | 6 ++++++
 packages/lucia/src/crypto.test.ts | 11 ++++++++++-
 packages/lucia/src/crypto.ts | 2 +-
 3 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 .auri/$e3mj84c4.md

diff --git a/.auri/$e3mj84c4.md b/.auri/$e3mj84c4.md
new file mode 100644
index 000000000..4ea49c263
--- /dev/null
+++ b/.auri/$e3mj84c4.md
@@ -0,0 +1,6 @@
+---
+package: "lucia" # package name
+type: "patch" # "major", "minor", "patch"
+---
+
+Fix `LegacyScrypt` generating malformed hash (see PR for fix)
\ No newline at end of file
diff --git a/packages/lucia/src/crypto.test.ts b/packages/lucia/src/crypto.test.ts
index c51335183..57668c7aa 100644
--- a/packages/lucia/src/crypto.test.ts
+++ b/packages/lucia/src/crypto.test.ts
@@ -1,5 +1,5 @@
 import { test, expect } from "vitest";
-import { Scrypt } from "./crypto.js";
+import { Scrypt, LegacyScrypt } from "./crypto.js";
 import { encodeHex } from "oslo/encoding";
 
 test("validateScryptHash() validates hashes generated with generateScryptHash()", async () => {
@@ -10,3 +10,12 @@ test("validateScryptHash() validates hashes generated with generateScryptHash()"
 const falsePassword = encodeHex(crypto.getRandomValues(new Uint8Array(32)));
 await expect(scrypt.verify(hash, falsePassword)).resolves.toBe(false);
 });
+
+test("LegacyScrypt", async () => {
+ const password = encodeHex(crypto.getRandomValues(new Uint8Array(32)));
+ const scrypt = new LegacyScrypt();
+ const hash = await scrypt.hash(password);
+ await expect(scrypt.verify(hash, password)).resolves.toBe(true);
+ const falsePassword = encodeHex(crypto.getRandomValues(new Uint8Array(32)));
+ await expect(scrypt.verify(hash, falsePassword)).resolves.toBe(false);
+})
\ No newline at end of file
diff --git a/packages/lucia/src/crypto.ts b/packages/lucia/src/crypto.ts
index 5c7e58439..6670a909c 100644
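Review bot: The new `LegacyScrypt` test in the second crypto.test.ts hunk only checks that `hash()` and `verify()` agree with each other, so a regression that changed both sides consistently — the kind of format drift this commit repairs — would still pass. After `const hash = await scrypt.hash(password);` pin the stored format with `expect(hash.startsWith("s2:")).toBe(true);` and `expect(hash.split(":")).toHaveLength(3);`. A fixture hash captured from a known-good earlier release (a clearly labelled placeholder until such a value is recorded) verified against its password would additionally show that hashes already persisted by users keep validating, which is the compatibility property at stake. The closing `})` also lacks the semicolon and trailing newline that the test above it uses.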
--- a/packages/lucia/src/crypto.ts
+++ b/packages/lucia/src/crypto.ts
@@ -42,7 +42,7 @@ export class LegacyScrypt implements PasswordHashingAlgorithm {
 async hash(password: string): Promise {
 const salt = encodeHex(crypto.getRandomValues(new Uint8Array(16)));
 const key = await generateScryptKey(password.normalize("NFKC"), salt);
- return `${salt}:${encodeHex(key)}`;
+ return `s2:${salt}:${encodeHex(key)}`;
 }
 async verify(hash: string, password: string): Promise {
 const parts = hash.split(":");
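Review bot: The `s2:` version tag is a bare literal in the new `return` of `hash()`, while `verify()` parses the same layout from `hash.split(":")`, so the two can drift apart silently — this hunk's fix is exactly that kind of drift. Hoist it to a module-level `const LEGACY_SCRYPT_VERSION = "s2";` and build the return value as `${LEGACY_SCRYPT_VERSION}:${salt}:${encodeHex(key)}` in the template literal, with `verify()` comparing its first part against the same constant. The body of `verify()` continues outside the hunk, so it is not visible here whether a hash with a missing tag or a different part count is rejected before key derivation, or whether the derived key is compared in constant time; both are worth confirming in the same change. A doc comment on `hash()` such as `/** Returns a hash laid out as s2:<hex salt>:<hex key>; the password is NFKC-normalized before key derivation. */` would make the stored-format contract explicit for future readers.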