Can't update collections having password field. #370

Closed
subasshrestha opened this issue Nov 28, 2021 · 9 comments
@subasshrestha

Bug Report

We can't update a field named password.

Expected Behavior

The password field should be updated.

Current Behavior

Shows error like: doc.setPassword is not a function

Possible Solution

Steps to Reproduce

  1. Create a normal collection having a field named password
  2. Add this collection to the config
  3. Run the project and create data in this collection.
  4. Then try to update the values; you will get an error.

Detailed Description

@jmikrut
Member

jmikrut commented Nov 28, 2021

Hey @subasshrestha - thanks for pointing this out. The password field name is internally reserved by Payload, so this is sort of expected not to work - but it might not need to be that way. We could only reserve that field name for auth-enabled collections instead.

Out of curiosity, can I ask what you’re using that field for?

@subasshrestha
Author

I am trying to separate admin users and normal users into two different collections.
Since the password field is reserved, I will rename this field in the normal user collections.

@jmikrut
Member

jmikrut commented Nov 29, 2021

@subasshrestha

You should use the Payload auth functionality on both your admin and normal users' collections. With Payload, you can have more than one auth-enabled collection.

Make sure to never store user passwords in plaintext in the database - using Payload's built-in methods will be much easier for you - and more secure.

Can you do that? Or am I misunderstanding?

@subasshrestha
Author

Yeah, I understood your point. But I have implemented my own auth mechanism for normal users with JWT, and the password is already hashed with bcryptjs. And I just want to CRUD normal users from the admin panel. So, I will update the password field name to some other name and will use a hook to hash the password using bcryptjs for create/update operations.
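
The hook approach described in the comment above, as an added example that is not part of the original thread and not Payload's own code. It assumes a hypothetical field name `passwordHash`, a hook argument shaped like a Payload `beforeChange` collection hook (`{ data, operation, originalDoc }`, to be checked against your Payload version), and it substitutes Node's built-in scrypt for bcryptjs so that it runs without dependencies.

```javascript
const crypto = require('node:crypto');

// Hypothetical field name; "password" itself is reserved by Payload.
const FIELD = 'passwordHash';

// Hash with a fresh random salt. Stored form: scrypt$<salt hex>$<key hex>
function hashPassword(plain) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(plain, salt, 32);
  return `scrypt$${salt.toString('hex')}$${key.toString('hex')}`;
}

// Check a login attempt against a stored value in constant time.
function verifyPassword(plain, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false;
  const salt = Buffer.from(parts[1], 'hex');
  const expected = Buffer.from(parts[2], 'hex');
  if (expected.length !== 32) return false;
  const actual = crypto.scryptSync(plain, salt, 32);
  return crypto.timingSafeEqual(actual, expected);
}

// Assumed hook shape: receives the incoming data, returns the data to save.
function hashPasswordHook({ data, operation, originalDoc }) {
  const value = data[FIELD];
  if (value === undefined || value === '') {
    if (operation === 'update') {
      // No new password supplied: drop the key so the stored hash survives.
      const { [FIELD]: _omit, ...rest } = data;
      return rest;
    }
    throw new Error(`${FIELD} is required on create`);
  }
  // The admin form sent the stored hash back unchanged: never hash a hash.
  if (originalDoc && value === originalDoc[FIELD]) return data;
  // Anything else is treated as a new plaintext password and hashed.
  return { ...data, [FIELD]: hashPassword(value) };
}
```

The unchanged-hash branch matters because an admin panel edit of any other field resubmits the stored value; hashing it again would silently lock the user out.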

@JarrodMFlesch
Contributor

JarrodMFlesch commented Nov 29, 2021

@subasshrestha is there a reason you are not using the built-in collection authentication? It has worked great for me out of the box, handling multiple user collections, and has saved me a ton of time not having to roll my own auth solution.

@subasshrestha
Author

I already have login/signup functionality implemented for normal users. So, if I use collection auth and create a user from the admin panel, I can't log in on the existing route.

@JarrodMFlesch
Contributor

JarrodMFlesch commented Nov 29, 2021

@subasshrestha that is true, you would not be able to use the existing routes that you have created. However, you could use the payload routes that are automatically generated for you when you enable auth on a collection.

Enabling auth on a collection will create routes for you so you can perform authentication easily. Login, Logout, Refresh routes can be found here.

Along with those, it also enables forgot-password and reset-password routes, which are pretty handy, and all you need to do is provide a transport, which can be found here.

So, if I use collection auth and create a user from the admin panel, I can't log in on the existing route.

If you created 2 collections with the following slugs, normal-users & admin-users, you would be able to use the auto-generated payload routes like so:

Normal users

  • domain.com/api/normal-users (A POST request will create a new user of this collection type, when you send password & email in the body of the request)
  • domain.com/api/normal-users/login
  • domain.com/api/normal-users/logout

Admin users

  • domain.com/api/admin-users (A POST request will create a new user of this collection type, when you send password & email in the body of the request)
  • domain.com/api/admin-users/login
  • domain.com/api/admin-users/logout

Maybe I am misunderstanding what you are trying to accomplish. But I am just trying to save you from doing more work than you need to, where payload already does what you are looking to do with your custom routes!

@subasshrestha
Author

Okay, I got it. Thank you all for your support.

Contributor

github-actions bot commented Sep 8, 2024

This issue has been automatically locked.
Please open a new issue if this issue persists with any additional detail.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 8, 2024