From 61dd157ae751901c4561ef20c698f8555fcd75a5 Mon Sep 17 00:00:00 2001
From: malex <mircea.alexandru@gmail.com>
Date: Mon, 23 May 2016 15:55:45 +0300
Subject: [PATCH 1/2] Added test for password as buffer. Update some
 dependencies.

---
 package.json | 2 +-
 user.js      | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index c1cbcd4..f2ebd39 100644
--- a/package.json
+++ b/package.json
@@ -47,7 +47,7 @@
   },
   "dependencies": {
     "eraro": "0.4.1",
-    "lodash": "3.10.1",
+    "lodash": "4.13.x",
     "node-uuid": "1.4.7"
   },
   "devDependencies": {
diff --git a/user.js b/user.js
index c8b8629..52e30e8 100644
--- a/user.js
+++ b/user.js
@@ -623,7 +623,12 @@ module.exports = function user (options) {
       return make_login(user, 'auto')
     }
     else {
-      seneca.act({role: role, cmd: 'verify_password', proposed: args.password, pass: user.pass, salt: user.salt}, function (err, out) {
+      var pass = user.pass
+      if (_.isBuffer(pass)) {
+        pass = pass.toString('utf8')
+      }
+
+      seneca.act({role: role, cmd: 'verify_password', proposed: args.password, pass: pass, salt: user.salt}, function (err, out) {
         if (err) return done(err)
         if (!out.ok) {
           seneca.log.debug('login/fail', why = 'invalid-password', user)

From dce07dda6e2176089055f50e1c3051f09dd200d8 Mon Sep 17 00:00:00 2001
From: Mircea Alexandru <mircea.alexandru@gmail.com>
Date: Tue, 24 May 2016 13:16:48 +0300
Subject: [PATCH 2/2] move buffer procesing to resolve user

---
 user.js | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/user.js b/user.js
index 8f14315..ab0641c 100644
--- a/user.js
+++ b/user.js
@@ -326,6 +326,11 @@ module.exports = function user (options) {
             }
             else return done(null, {ok: false, why: 'user-not-found', nick: q.nick, email: q.email})
           }
+
+          if (_.isBuffer(user.pass)) {
+            user.pass = user.pass.toString('utf8')
+          }
+
           args.user = user
 
           return cmd.call(seneca, args, done)
@@ -623,12 +628,8 @@ module.exports = function user (options) {
       return make_login(user, 'auto')
     }
     else {
-      var pass = user.pass
-      if (_.isBuffer(pass)) {
-        pass = pass.toString('utf8')
-      }
 
-      seneca.act({role: role, cmd: 'verify_password', proposed: args.password, pass: pass, salt: user.salt}, function (err, out) {
+      seneca.act({role: role, cmd: 'verify_password', proposed: args.password, pass: user.pass, salt: user.salt}, function (err, out) {
         if (err) return done(err)
         if (!out.ok) {
           seneca.log.debug('login/fail', why = 'invalid-password', user)