Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Optionally Include password in the params.query object passed to User.find() #171

Closed
toddgeist opened this Issue Apr 21, 2016 · 3 comments

Comments

Projects
None yet
2 participants
@toddgeist
Copy link

toddgeist commented Apr 21, 2016

I have a DB that requires userName and Password to verify the user record. The user service only receives the userName now. The password is left off. I understand that it isn't necessary for most systems. But it is for mine.

How about a config option to include password in params.query?

If I am not mistaken, a little code could be added right here
https://github.com/feathersjs/feathers-authentication/blob/master/src/services/local/index.js#L22-L26

maybe something like this?

const params = {
   query: {
        [this.options.usernameField]: username
    }
};
//optionally add the password to params.query
if(this.options.includePasswordInQuery){
   params.query[this.options.passwordField] = password
}

Would you consider a pull request with this?

Thanks

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Apr 21, 2016

I think there already was a feature request somewhere to be able to query for different fields. But there still needs to be a password comparison function. How are you comparing your passwords? I assume they aren't just plain text.

@toddgeist

This comment has been minimized.

Copy link
Author

toddgeist commented Apr 21, 2016

In this DB The passwords are stored hashed, but I can't access the hash. All I can do is query the DB with a UserName and Password, if the Password matches I get back the User Record. If it doesn't I do not.

So I query the DB, if the UserRecord comes back I hash the password right then and stick it on the userObject. Then the normal comparison function is happy and generates the token.

A bit of hack I'll grant you but what else can I do :-)

@toddgeist

This comment has been minimized.

Copy link
Author

toddgeist commented Apr 21, 2016

#165 seems related

@ekryski ekryski closed this in #186 Apr 29, 2016

ekryski added a commit that referenced this issue Apr 29, 2016

Allow manipulation of params before checking credentials (#186)
* Allow manipulation of params before checking credentials

Closes #165 Closes #171

* buildCredentials for local auth service

* Move passReqToCallback into defaults

daffl added a commit to feathersjs/feathers that referenced this issue Aug 29, 2018

Allow manipulation of params before checking credentials (#186)
* Allow manipulation of params before checking credentials

Closes feathersjs/authentication#165 Closes feathersjs/authentication#171

* buildCredentials for local auth service

* Move passReqToCallback into defaults

daffl added a commit to feathersjs/feathers that referenced this issue Aug 29, 2018

Allow manipulation of params before checking credentials (#186)
* Allow manipulation of params before checking credentials

Closes feathersjs/authentication#165 Closes feathersjs/authentication#171

* buildCredentials for local auth service

* Move passReqToCallback into defaults
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.