Changed User.create signature to accept a hash, added a couple of utilit... #820
…lity functions as well
oops - this commit's message should read: " password should NOT be passed ... "
Awesome -- we're going to merge this in after 0.3.0 lands, since it does not fix any pressing issues.
ping (just a reminder)
@@ -35,7 +35,7 @@ var user = require('./user'), | |||
}); | |||
} | |||
|
|||
bcrypt.compare(password, userData.password, function(err, res) { | |||
bcrypt.compare(password, userData.password || '', function(err, res) { |
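Review bot: in the changed `bcrypt.compare` call, the `userData.password || ''` fallback lets a record with no stored hash go through the comparison instead of being rejected up front. Check for a missing `userData.password` before this call and return the failed-login result there; the fallback then becomes unnecessary.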
What is the || '' for? If their pwd is undefined they should just be rejected?
I remember hitting this statement with a NULL password somehow, if the pwd is null, bcrypt.compare crashed NodeBB.. but now that I look at it again, I think that was caused by a bug that I introduced then fixed with the before-last commit.
I'll take that out
Am I right in assuming that
Food for thought, it is possible that "trust proxy" could be inferred from the existing config values:
Let me know if I'm wrong 😄
actually i think you're right. but why
Perhaps I'm wrong, so I suppose let's take out the
Oh ok, i think it's safe to take out the I know I wasn't in love with adding another option in
oh what about
You know, I'd prefer if people didn't simply set up NodeBB with port 80 or 443 and run it as root, but what can you do? We should add the 443 there as well. No rush -- I'll wait for your PR tonight.
...y functions as well, also added a new hook filter:user.create.
EDIT: also added a new config use_proxy - I wasn't sure where exactly you would prefer that config to live, feel free to either move it or suggest a better place (db maybe?) - but it does require a restart, so I figured the config.json is not a bad idea.