-
Notifications
You must be signed in to change notification settings - Fork 295
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No salt value stored in mongodb collection!. #96
Comments
Similar issue here, salt and hash are actually stored in mongodb but mongoose doesn't fetch the values because they're not in the schema. |
I'm working on a fix for that (at the moment writing a test to cover this issue) without selecting those fields per default (=fetch then from MongoDB during authenticate when not available yet). The cause is that the salt & hash fields are defined with "select: false" and therefore the model fetched by mongoose does no longer contain the fields for comparison. Tricky thing is that the tests do not cover this issue because in the tests the user instance gets created and the authentication is run against the in-memory object (which contains the fields from the setPassword call in setup) and not a clean fetched user instance from MongoDB. |
Manually reverted the pull request in question. Released 1.2.0 |
+1 The need to hit the database in "authenticate" is in relation to the security implications more then acceptable. |
👍 |
3.0.0 seems to solve this. |
I think this issue could be closed. Should I close this issue? or @saintedlama should do this? |
Thanks for reminding me to close the issue 💃 |
After upgrading to 1.0.2 I got:
Connection closed: 401 - Authentication failed: Authentication not possible. No salt value stored in mongodb collection!
Workaround: use 1.0.1
Seems that smth was broked between 1.0.1 & 1.0.2
The text was updated successfully, but these errors were encountered: