These are chat archives for deployd/contributors

10th
Jul 2015
Rares Golea
@rgolea
Jul 10 2015 16:42
Hey guys! Found quite a bug in deployd. I will try fix it myself but just in case I can’t fix it, here’s the bug: Try using a default password on the post event like: this.password = ‘defaultpassword’ (use case: password generator). Try posting a new user and see that in the db the password is stored without a hash so in this case, in mongo, you will see that the password field is equal to defaultpassword (no hashes there). Thanks!
Andrei Alecu
@andreialecu
Jul 10 2015 17:08
Nice catch, but I think that shouldn't be allowed probably. As a workaround you can make a dpd-event that generates the password and dpd.users.posts it.
I mean overwriting the password in POST
Rares Golea
@rgolea
Jul 10 2015 17:15
Yeah, I know but deployd is intuitive per se... Would be nice to apply password hashes after the events ;)
Would it work in a beforerequest?
Yeah, I know but deployd is intuitive per se... Would be nice to apply password hashes after the events ;)