Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Optionally Include password in the params.query object passed to User.find() #171
I have a DB that requires userName and Password to verify the user record. The user service only receives the userName now. The password is left off. I understand that it isn't necessary for most systems. But it is for mine.
How about a config option to include password in params.query?
If I am not mistaken, a little code could be added right here
maybe something like this?
Would you consider a pull request with this?
In this DB The passwords are stored hashed, but I can't access the hash. All I can do is query the DB with a UserName and Password, if the Password matches I get back the User Record. If it doesn't I do not.
So I query the DB, if the UserRecord comes back I hash the password right then and stick it on the userObject. Then the normal comparison function is happy and generates the token.
A bit of hack I'll grant you but what else can I do :-)