You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PS D:\app> [System.Environment]::OSVersion.Version
Major Minor Build Revision
----- ----- ----- --------
10 0 16299 0
Do you want to request a feature or report a bug? Bug
What is the current behavior?
I create the Strapi app using strapi start. When I adding a user via http://localhost:1337/admin/plugins/content-manager/user/create?source=users-permissions, bcrypt.hash will work (bcryptjs is neither mentioned in the package.json file nor installed in node_modules folder. ), skip the checking process, and save into the database directly as a plain text.
So, when I tried to log in via POST http://localhost:1337/auth/local, it'll throw an error: Identifier or password invalid..
Strangely, If I use an admin credential, it'll work just fine, and save into database with a hashed password.
If the current behavior is a bug, please provide the steps to reproduce the problem
What is the expected behavior?
It should ~~~either~~~:
~~Throw an error about bcrypt. Or ~~
Hash the password properly
Suggestion
I check using console.log and found that value send to User.add service (Path: \plugins\users-permissions\services\User.js) is in this form:
Node.js version:
v8.10.0 LTS
npm version:
5.7.1
Strapi version:
3.0.0-alpha.11.1
Operating system:
WIndows 10:
Do you want to request a feature or report a bug?
Bug
What is the current behavior?
I create the Strapi app using
strapi start
. When I adding a user viahttp://localhost:1337/admin/plugins/content-manager/user/create?source=users-permissions
,bcrypt.hash
will work (bcryptjs
is neither mentioned in thepackage.json
file nor installed innode_modules
folder. ), skip the checking process, and save into the database directly as a plain text.So, when I tried to log in via
POST http://localhost:1337/auth/local
, it'll throw an error:Identifier or password invalid.
.Strangely, If I use an admin credential, it'll work just fine, and save into database with a hashed password.
If the current behavior is a bug, please provide the steps to reproduce the problem
What is the expected behavior?
It should ~~~either~~~:
bcrypt
. Or ~~Suggestion
I check using
console.log
and found that value send toUser.add
service (Path:\plugins\users-permissions\services\User.js
) is in this form:But the logic used to check password exist was: (line 21)
So, IMO, this line should be changed to:
Oh, and the
edit
method too!I test, and the problem solved. 😄
The text was updated successfully, but these errors were encountered: