Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Try login with user who does not have password, crashes server #300

Open
adamgins opened this issue Jan 4, 2019 · 0 comments
Open

Try login with user who does not have password, crashes server #300

adamgins opened this issue Jan 4, 2019 · 0 comments

Comments

@adamgins
Copy link

adamgins commented Jan 4, 2019
edited
Loading

If you create a user by another means (eg Google login accounts-google) and a user tries to call rest '/login` route... it crashes the server.

20190105-08:52:59.677(11)? loginWithPassword 3 { _id: 'a5d8f6c3281c74b723751f7b',
I20190105-08:52:59.677(11)?   createdAt: 1546636267939,
I20190105-08:52:59.677(11)?   email: '`<some email>``',
I20190105-08:52:59.678(11)?   emails: [ { address: '<some email>', verified: true } ],
I20190105-08:52:59.678(11)?   dateUserInvited: null,
I20190105-08:52:59.678(11)?   invitingResourceID: null,
I20190105-08:52:59.678(11)?   completedSetup: true,
I20190105-08:52:59.679(11)?   profile: { channels: [ [Object] ] },
I20190105-08:52:59.679(11)?   services: { resume: { loginTokens: [] }, password: { reset: [Object] } },
I20190105-08:52:59.679(11)?   acceptedLicense: true,
I20190105-08:52:59.679(11)?   dateLicenseAccepted: 1546636289969,
I20190105-08:52:59.679(11)?   dateInitialSetup: 1546636297839 } test
W20190105-08:52:59.680(11)? (STDERR) /Users/adamginsburg/Documents/development/buzzy7/node_modules/bcrypt/bcrypt.js:150
W20190105-08:52:59.680(11)? (STDERR)             cb(new Error('data and hash must be strings'));
W20190105-08:52:59.680(11)? (STDERR)             ^
W20190105-08:52:59.681(11)? (STDERR) 
W20190105-08:52:59.681(11)? (STDERR) TypeError: cb is not a function
W20190105-08:52:59.681(11)? (STDERR)     at /Users/adamginsburg/Documents/development/buzzy7/node_modules/bcrypt/bcrypt.js:150:13
W20190105-08:52:59.681(11)? (STDERR)     at _combinedTickCallback (internal/process/next_tick.js:131:7)
W20190105-08:52:59.681(11)? (STDERR)     at process._tickDomainCallback (internal/process/next_tick.js:218:9)

Note user had tried to reset their password... so had reset not bcrypt ie password: { reset:

To solve this you need to check for the bycrypt and not just authenticatingUser.services?.password

https://github.com/kahmali/meteor-restivus/blob/devel/lib/auth.coffee#L55

ie

 if not authenticatingUser.services?.password.bcrypt
    throw new Meteor.Error 401, 'Unauthorized'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@adamgins