Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docs: Use Redwood's hashPassword() for loginToken hashing in the password-less dbAuth flow #11566

Merged
merged 3 commits into from
Sep 15, 2024
Merged

Docs: Use Redwood's hashPassword() for loginToken hashing in the password-less dbAuth flow #11566

merged 3 commits into from
Sep 15, 2024

Conversation

antonmoiseev
Copy link
Contributor

The hashing algorithm used in the current version of the guide doesn't match the algorithm that Redwood uses to find user by username/password before passing control to the custom login handler. This breaks login flow, users can never sign in even with a correct valid token.

Introduced changes replace 3rd-party crypto-js library with the hashPassword() function imported from the Redwood itself.

@antonmoiseev
Use Redwood's hashPassword() for login token hashing
670c673 
The hashing algorithm used in the current version of the guide doesn't match the algorithm that Redwood uses to find user by username/password before passing control to the custom login handler. This breaks login flow, users can never sign in even with a correct valid token.

Introduced changes replace 3rd-party crypto-js library with the `hashPassword()` function imported from the Redwood itself.
@antonmoiseev antonmoiseev changed the title Use Redwood's hashPassword() for login token hashing Docs: Use Redwood's hashPassword() for login token hashing in the password-less dbAuth flow Sep 15, 2024
@antonmoiseev antonmoiseev changed the title Docs: Use Redwood's hashPassword() for login token hashing in the password-less dbAuth flow Docs: Use Redwood's hashPassword() for loginToken hashing in the password-less dbAuth flow Sep 15, 2024
@Tobbe Tobbe added the release:docs This PR only updates docs label Sep 15, 2024
@Tobbe Tobbe added this to the next-release-patch milestone Sep 15, 2024
@Tobbe
Copy link
Member

Tobbe commented Sep 15, 2024

image

I love consistency! But I actually think your original code with const is better, and the existing docs should have been updated to also use const instead of let 😆

@Tobbe Tobbe added the changesets-ok Override the changesets check label Sep 15, 2024
@Tobbe Tobbe merged commit d924a72 into redwoodjs:main Sep 15, 2024
50 of 51 checks passed
Josh-Walker-GM pushed a commit that referenced this pull request Sep 16, 2024
@antonmoiseev @Josh-Walker-GM
Docs: Use Redwood's hashPassword() for loginToken hashing in the pass…
e4135d3 
…word-less dbAuth flow (#11566)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
changesets-ok Override the changesets check release:docs This PR only updates docs
Projects
None yet
Milestone
v8.2.0
Development

Successfully merging this pull request may close these issues.
3 participants
@antonmoiseev @Tobbe @Josh-Walker-GM