[Bug]: Password Login For User created via OIDC crashes server #2378

Closed
mark-monteiro opened this issue Dec 2, 2023 · 5 comments

mark-monteiro commented Dec 2, 2023

Describe the issue

Attempting to log in with a username/password as a user that was automatically created as part of the OIDC login process causes the server to crash. This is specifically for a user for whom a password was never set.

Steps to reproduce the issue

  1. Log in via OIDC to automatically create a new user
  2. Log out
  3. Try to log in again using username/password with the username created in step 1 (use the /login/?autoLaunch=0 path if necessary to do so). The password can be blank or some random string; it doesn't matter (this user doesn't have a password set anyway)
  4. Server crashes (see log below)
audiobookshelf-audiobookshelf-1  | Config /config /metadata
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:47.944] INFO: === Starting Server ===
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:47.960] INFO: [Server] Init v2.6.0
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:47.965] INFO: [Database] Initializing db at "/config/absdatabase.sqlite"
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:48.004] INFO: [Database] Db connection was successful
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:48.137] INFO: [Database] Db initialized with models: user, library, libraryFolder, book, podcast, podcastEpisode, libraryItem, mediaProgress, series, bookSeries, author, bookAuthor, collection, collectionBook, playlist, playlistMediaItem, device, playbackSession, feed, feedEpisode, setting
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:48.203] INFO: [BackupManager] 0 Backups Found
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:48.204] INFO: [BackupManager] Auto Backups are disabled
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:48.205] INFO: [LogManager] Init current daily log filename: 2023-12-02.txt
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:48.226] INFO: [Watcher] Initializing watcher for "Audiobooks".
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:48.228] INFO: [Watcher] Initializing watcher for "EBooks".
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:48.228] INFO: [Watcher] Initializing watcher for "Comics".
audiobookshelf-audiobookshelf-1  | Warning: connect.session() MemoryStore is not
audiobookshelf-audiobookshelf-1  | designed for a production environment, as it will leak
audiobookshelf-audiobookshelf-1  | memory, and will not scale past a single process.
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:48.239] INFO: Listening on port :80
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:48.274] INFO: [Watcher] "Comics" Ready
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:48.355] INFO: [Watcher] "EBooks" Ready
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:48.406] INFO: [Watcher] "Audiobooks" Ready
audiobookshelf-audiobookshelf-1  | [2023-12-02 03:13:48.593] INFO: [SocketAuthority] Socket Connected SNCjcMCwM0ek2R9MAAAB
audiobookshelf-audiobookshelf-1  | /server/libs/bcryptjs/index.js:31
audiobookshelf-audiobookshelf-1  | c){e(function(b,d){b?c(b):a(d)})})};m.compareSync=function(a,b){if("string"!==typeof a||"string"!==typeof b)throw Error("Illegal arguments: "+typeof a+", "+typeof b);return 60!==b.length?!1:g(m.hashSync(a,b.substr(0,b.length-31)),b)};m.compare=function(a,b,h,c){function e(f){"string"!==typeof a||"string"!==typeof b?r(f.bind(this,Error("Illegal arguments: "+typeof a+", "+typeof b))):60!==b.length?r(f.bind(this,null,!1)):m.hash(a,b.substr(0,29),function(a,c){a?f(a):f(null,g(c,b))},c)}if(h){if("function"!==
audiobookshelf-audiobookshelf-1  |                                                                                                                                                                                                                                                                                                                                            ^
audiobookshelf-audiobookshelf-1  |
audiobookshelf-audiobookshelf-1  | Error: Illegal arguments: string, object
audiobookshelf-audiobookshelf-1  |     at e (/server/libs/bcryptjs/index.js:31:332)
audiobookshelf-audiobookshelf-1  |     at /server/libs/bcryptjs/index.js:32:96
audiobookshelf-audiobookshelf-1  |     at new Promise (<anonymous>)
audiobookshelf-audiobookshelf-1  |     at Object.m.compare (/server/libs/bcryptjs/index.js:32:70)
audiobookshelf-audiobookshelf-1  |     at Auth.localAuthCheckUserPw (/server/Auth.js:525:34)
audiobookshelf-audiobookshelf-1 exited with code 0

Audiobookshelf version

v2.6.0

How are you running audiobookshelf?

Docker

@mark-monteiro mark-monteiro added the bug Something isn't working label Dec 2, 2023
@advplyr advplyr added the awaiting release Issue is resolved and will be in the next release label Dec 2, 2023
@gdunstone

With the fix implemented here, what happens when a user tries to log in using a password when their account is created using OIDC?

Does it just reject the login?

How do mobile app users whose accounts have been created using OIDC log in?

Owner

advplyr commented Dec 11, 2023

Yes, it will be rejected because the user doesn't have a password. They will have to log in with OIDC unless you set a password for them and also allow password logins.

@gdunstone

I meant that the mobile app doesn't have an option to log in with OIDC.

Owner

advplyr commented Dec 11, 2023

It does if you are using the most recent version

Owner

advplyr commented Dec 24, 2023

Fixed in v2.7.0

@advplyr advplyr closed this as completed Dec 24, 2023
@advplyr advplyr removed the awaiting release Issue is resolved and will be in the next release label Dec 24, 2023
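
An added example (not audiobookshelf's code and not the fix shipped in v2.7.0) of the failure in the log above and a guard that gives the behaviour described in the thread, where password login is rejected for a user who has no password. `compare` is a scrypt-based stand-in that keeps the argument check visible in the log; `users`, `passwordHash`, `makeHash` and both `checkPassword*` functions are hypothetical names.

```javascript
const crypto = require('crypto')

// Stand-in for bcryptjs compare(): keeps the argument check visible in the log,
// but verifies with scrypt so the example runs without dependencies (assumption).
function compare(password, hash) {
  return new Promise((resolve, reject) => {
    if (typeof password !== 'string' || typeof hash !== 'string') {
      return reject(new Error('Illegal arguments: ' + typeof password + ', ' + typeof hash))
    }
    const [salt, key = ''] = hash.split(':')
    crypto.scrypt(password, salt, 32, (err, derived) => {
      if (err) return reject(err)
      const expected = Buffer.from(key, 'hex')
      resolve(expected.length === derived.length && crypto.timingSafeEqual(expected, derived))
    })
  })
}

function makeHash(password) {
  const salt = crypto.randomBytes(8).toString('hex')
  return salt + ':' + crypto.scryptSync(password, salt, 32).toString('hex')
}

// Constructed accounts; "oidcuser" was auto-created via OIDC and has no password hash.
const users = new Map([
  ['localuser', { passwordHash: makeHash('correct horse') }],
  ['oidcuser', { passwordHash: null }]
])

// Unguarded: a null hash reaches compare() and the returned promise rejects.
async function checkPasswordUnguarded(username, password) {
  const user = users.get(username)
  return user ? compare(password, user.passwordHash) : false
}

// Guarded: an account without a stored hash cannot use password login, and a
// compare() failure becomes a rejected login instead of an unhandled rejection.
async function checkPasswordGuarded(username, password) {
  const user = users.get(username)
  if (!user || typeof user.passwordHash !== 'string' || typeof password !== 'string') return false
  try { return await compare(password, user.passwordHash) } catch (err) { return false }
}

async function demo() {
  const unguarded = await checkPasswordUnguarded('oidcuser', 'x').catch((e) => 'rejected: ' + e.message)
  return { unguarded, oidc: await checkPasswordGuarded('oidcuser', 'x'),
    good: await checkPasswordGuarded('localuser', 'correct horse'), bad: await checkPasswordGuarded('localuser', 'wrong') }
}
demo().then((r) => console.log(r))
```
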