Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: u&p service hashes passwords #20147

Merged
merged 6 commits into from Apr 18, 2024
Merged

fix: u&p service hashes passwords #20147

merged 6 commits into from Apr 18, 2024

Conversation

innerdvations
Copy link
Contributor

@innerdvations innerdvations commented Apr 18, 2024
edited

What does it do?

The u&p service lost its password hashing during the deprecation migration of entity service. This adds it back.

We may actually want to switch to use document service universally here, in case there's any other logic we're missing and to avoid duplicating code.

Why is it needed?

u&p passwords aren't being hashed on registration

How to test it?

Tests have been added, but:

  • register a u&p users through the api
  • check that the password field is hashed in the database
  • check that you can login with it

Related issue(s)/PR(s)

DX-1372

@vercel Vercel
Copy link

vercel bot commented Apr 18, 2024
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
contributor-docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 18, 2024 0:28am

@innerdvations innerdvations marked this pull request as ready for review April 18, 2024 10:19
@derrickmehaffy
Copy link
Member

Indeed can we please switch to the docsrv

jhoward1994
jhoward1994 approved these changes Apr 18, 2024
View reviewed changes
Copy link
Contributor

@jhoward1994 jhoward1994 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works well for me, thanks!

@innerdvations
Copy link
Contributor Author

innerdvations commented Apr 18, 2024
edited

Indeed can we please switch to the docsrv

We're still discussing how to handle the API side of things, some parts may need to wait until Strapi 6. For now we'll go with this because it needs to be fixed ASAP, but internally we can refactor at any time to use doc service once we expose the entity id api. I do also hope we have time to use doc id for the u&p content api as well.

@innerdvations innerdvations merged commit a7cf7e5 into v5/main Apr 18, 2024
80 of 83 checks passed
@innerdvations innerdvations deleted the fix/users-permissions-registration-hashing branch April 18, 2024 13:59
@echoes-hq echoes-hq bot added echoes/type: bug Effort to correct undesirable or incorrect behavior echoes/type: bug/security For security bugs and vulnerabilities labels Apr 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhoward1994 jhoward1994 jhoward1994 approved these changes

@Convly Convly Awaiting requested review from Convly

@Bassel17 Bassel17 Awaiting requested review from Bassel17

Assignees
No one assigned
Labels
echoes/type: bug/security For security bugs and vulnerabilities echoes/type: bug Effort to correct undesirable or incorrect behavior
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@innerdvations @derrickmehaffy @jhoward1994