Changed User.create signature to accept a hash, added a couple of utilit... #820
Conversation
…lity functions as well
|
oops - this commit's message should read: " password should NOT be passed ... " |
|
Awesome -- we're going to merge this in after 0.3.0 lands, since it does not fix any pressing issues. |
|
ping (just a reminder) |
| @@ -35,7 +35,7 @@ var user = require('./user'), | |||
| }); | |||
| } | |||
|
|
|||
| bcrypt.compare(password, userData.password, function(err, res) { | |||
| bcrypt.compare(password, userData.password || '', function(err, res) { | |||
There was a problem hiding this comment.
What is the || '' for? If their pwd is undefined they should just be rejected?
There was a problem hiding this comment.
I remember hitting this statement with a NULL password somehow, if the pwd is null, bcrypt.compare crashed NodeBB.. but now that I look at it again, I think that was caused by a bug that I introduced then fixed with the before-last commit.
I'll take that out
|
Am I right in assuming that |
|
Food for thought, it is possible that "trust proxy" could be inferred from the existing config values: Let me know if I'm wrong 😄 |
|
actually i think you're right. but why |
|
Perhaps I'm wrong, so I suppose let's take out the |
|
Oh ok, i think it's safe to take out the I know I wasn't in love with adding another option in |
|
oh what about |
|
You know, I'd prefer if people didn't simply set up NodeBB with port 80 or 443 and run it as root, but what can you do? We should add the 443 there as well. No rush -- I'll wait for your PR tonight. |
...y functions as well, also added a new hook
filter:user.create.EDIT: also added a new config
use_proxy- I wasn't sure where exactly you would prefer that config to live, feel free to either move it or suggest a better place (db maybe?) - but it does require a restart, so I figured theconfig.jsonis not a bad idea.