Comments (10)
saintedlama
commented on May 25, 2024
This sounds really strange. What else did change? Node version? Could you check if the data contained in hash and salt field of the user model have the same value
from passport-local-mongoose.
evindor
commented on May 25, 2024
Hey, we got the same problem and I traced it to here. Depending on NODE_ENV crypto.pbkdf2.length returns different values - 6 for "development" and 0 for "production". Super weird.
@saintedlama can you please tell us why do you need to perform this check?
from passport-local-mongoose.
evindor
commented on May 25, 2024
It turned out for us that there is no link to NODE_ENV. It was newrelic. Just requiring it somehow sets crypto.pbkdf2.length to 0 😮
I guess if @remotevision confirms he had newrelic on prod too this issue can be closed.
from passport-local-mongoose.
saintedlama
commented on May 25, 2024
@evindor Thanks for digging that deep to find the bug. Changed behavior in passport-local-mongoose to detect pbkdf2 based on node versions instead of argument length. Released on NPM as 3.1.1
from passport-local-mongoose.
evindor
commented on May 25, 2024
@saintedlama Thanks for quick reaction! But I think you need to unpublish 3.1.1 ASAP and republish it bumping major or at least minor version - this is a breaking change for everyone using newrelic in production. Because in fact this is release 3.0 (setting default algo to sha256) for people using newrelic.
The issue is very stealthy and if someone deploys today they might lock their users out without realizing it.
from passport-local-mongoose.
saintedlama
commented on May 25, 2024
Thanks for the hint! It was a bug fix mentally 😢 - republished a patch level reverted pkg to ensure everyone will get the fix. Will bump major.
from passport-local-mongoose.
evindor
commented on May 25, 2024
👍
from passport-local-mongoose.
saintedlama
commented on May 25, 2024
@remotevision Can you confirm this newrelic thingy?
from passport-local-mongoose.
remotevision
commented on May 25, 2024
I do use New Relic!
from passport-local-mongoose.
saintedlama
commented on May 25, 2024
@remotevision Then I'll suggest to switch to version 4 of passport-local-mongoose. Thanks all for sorting out that issue 🎉
from passport-local-mongoose.
Related Issues (20)
- cant find methods User.createStrategy() User.serializeUser() User.deserializeUser()
- Unique email (with unique username) HOT 2
- Calling authenticate() against an existing instance is looking up a different user to check the password HOT 4
- why change user.id two times?
- Generic type 'Query<ResultType, DocType, THelpers>' requires between 2 and 3 type arguments. HOT 1
- Type issues with SerializeUser
- Include type definitions directly in the package HOT 2
- Login fails if the "username" field contains "+" character HOT 1
- The problem occurs when deploying two or more completely different apps (not two instances of the same app).
- Salt and hash field can be updated manually
- options.usernameQueryFields needs to be set to default empty array HOT 3
- Unauthorized plain text HOT 4
- usernameField settings outlined in the docs do not work HOT 4
- Usernamequeryfields not inspected on calling register function
- How to pass errors on register method to the front-end HOT 1
- Mongoose 7 does not support some callbacks like in 6.x version and it cause exceptions in passport-local-mongoose HOT 1
- TypeError: teacherSchema.plugin is not a function
- TypeError: user.get is not a function
- [MissingUsernameError] No username was given HOT 1
- TypeError: Cannot read properties of null (reading 'name')
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from passport-local-mongoose.