Password hash is not saved when accepting an invite

[grahamorrell]

Preflight Checklist

• I have completed all Troubleshooting Steps.
• I'm on the latest version of Directus.
• There's no other issue that already describes my problem.

Describe the Bug

When I invite a user to the project (by email) and they click the link and enter a password it says "Account Created Successfully". However the "password" field for their record in directus_users is set to {}. They then (obviously) can't sign in using their password. If they log in via Google and change their password from their User Profile screen, the password is correctly saved, and they can now log in via email or Google. Its just that initial account creation which isn't working properly.

To Reproduce

• Invite a user via email
• Accept the invite
• Enter a password and click create
• Query the password hash in the directus_users table - it is { }

What version of Directus are you using?

v9.0.0-rc.93

What version of Node.js are you using?

15.14.0

What database are you using?

Postgres 13

What browser are you using?

Edge

What operating system are you using?

Windows

How are you deploying Directus?

Locally

[aidenfoxx]

This should be fixed in #6942

[azrikahar]

It should be the missing await in this line (oversight in #7755), which was the finding @grahamorrell shared earlier in the Discord server:

directus/api/src/services/users.ts

Line 342 in 062d99b

const passwordHashed = generateHash(password);

[aidenfoxx]

@azrikahar #6942 fixes this by using the UsersService to update the user information, which is the preferred way to handle this as it enforced password security requirements.

[rijkvanzanten]

Fixed in #6942