Create endpoints to allow users to update their profile information and passwords. #36

Open
Tracked by #2
jean-michelet opened this issue Oct 21, 2024 · 5 comments · May be fixed by #48
@jean-michelet
Contributor

No description provided.

@Mathieuka

Hello @jean-michelet, if it is available, can you assign it to me?

Thx

@jean-michelet
Contributor Author

Go ahead!

@Mathieuka

For the password update scenario, prior authentication is logically required.

Currently, passwords in the database are stored in plain text via seeding.

For authentication, we apply a hashing function to the plain text password, which means it is impossible to correctly compare the password entered by the user.

const user = ... // user from db

// user.password is a plain text password and I think fastify.compare applies a hash function to it
const isPasswordValid = await fastify.compare(password, user.password)

Before the implementation of the update endpoint, I propose, in the same pull request, to modify the seeding to store passwords in a hashed format rather than in plain text to resolve this issue.

We can also include demonstration passwords in the documentation.

Did I miss anything?

@jean-michelet
Contributor Author

> Currently, passwords in the database are stored in plain text via seeding.

No, we use a scryptHash function:

const hash = await scryptHash('password123$')

@Mathieuka

> > Currently, passwords in the database are stored in plain text via seeding.
>
> No, we use a scryptHash function:
>
> const hash = await scryptHash('password123$')

Yeah my bad, I didn't see that

jean-michelet linked a pull request Oct 29, 2024 that will close this issue
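
As an added example (not code from this thread or from the project): a self-contained Node.js version of the flow discussed above, where a password update first checks the current password against the stored scrypt hash and only then writes a new hash. The names `scryptHash` and `compare` echo the thread, but their bodies, the `salt.hash` storage format, `updatePassword` and the sample rows are assumptions.

```javascript
// Added example. scryptHash/compare reuse the names from the thread; the
// implementations and the "salt.hash" hex format are assumptions.
// scryptSync keeps the example linear; the thread's helpers are awaited.
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto')

const KEY_LEN = 32

// Hash with a fresh random salt and return "<saltHex>.<hashHex>".
function scryptHash (password) {
  const salt = randomBytes(16)
  const hash = scryptSync(password, salt, KEY_LEN)
  return `${salt.toString('hex')}.${hash.toString('hex')}`
}

// Re-derive the hash with the stored salt and compare in constant time.
// A stored value that is not "salt.hash" (for example a plain text
// password) is rejected instead of being compared as text.
function compare (password, stored) {
  const [saltHex, hashHex] = String(stored).split('.')
  if (!saltHex || !hashHex || !/^[0-9a-f]+$/.test(saltHex + hashHex)) return false
  const expected = Buffer.from(hashHex, 'hex')
  if (expected.length !== KEY_LEN) return false
  const actual = scryptSync(password, Buffer.from(saltHex, 'hex'), KEY_LEN)
  return timingSafeEqual(actual, expected)
}

// Password update: prior authentication with the current password is
// required; only the hash of the new password is stored.
function updatePassword (user, currentPassword, newPassword) {
  if (!compare(currentPassword, user.password)) {
    return { ok: false, reason: 'invalid current password' }
  }
  if (currentPassword === newPassword) {
    return { ok: false, reason: 'new password must differ' }
  }
  user.password = scryptHash(newPassword)
  return { ok: true }
}

// Constructed sample rows: one seeded with a hash, one holding plain text.
const seededUser = { id: 1, password: scryptHash('password123$') }
const plainTextUser = { id: 2, password: 'password123$' }
```

With a hashed seed the comparison succeeds for the right password; a row holding plain text can never authenticate, which is the failure described earlier in the thread.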