Loopback: User.validatePassword throws uncaught exception in User.create
related to #941
Creating user with empty password : [email protected] user created , [email protected] application crash due to uncaught exception
User.create({username: 'John', email: '[email protected]', password:''},function(err,user){
//invalid password error should be returned in callback
});
overriding validatePassword to check for minimum length will also give uncaught exception
see also example https://github.com/cleas/loopback-sandbox
https://github.com/cleas/loopback-sandbox/blob/master/server/boot/create-model-instances.js
cleas
All 14 comments
I tried running your example. I get:
Error: Invalid password:
...
Seems like this is fixed in the latest LoopBack. Can you confirm so I close this?
superkhau
on 7 Jul 2015
I tried with loopback 2.18.0 => error is still there.
looking at the source nothing changed to User.hashPassword and User.validatePassword.
function User.validatePassword can throw exception , this exception is not handled in UserModel.setter.password
cleas
on 7 Jul 2015
I'm having this issue as well. I overrode validatePassword in my own User model subclass and used the default implementation as a reference. Now my instance crashes whenever there's an invalid password. Should I just return false instead of throwing an error?
rawrmaan
on 9 Jul 2015
I also encountered this, and used the following as a quickfix in user.js
User.observe('before save', function checkEmptyPasswordString(ctx, next) {
if (ctx.data && ctx.data.password === '') {
next('Password is empty string');
}
next();
});
jlvdh
on 1 Sep 2015
@cleas Are you still running into issues? Seems to be fixed by #941 now as I can't reproduce the error in your loopback-sandbox for anymore.
superkhau
on 1 Sep 2015
I'm still experiencing the error on Loopback 2.21.0 with the following request:
PUT /user
{"id":140, "password":""}
The error in the loopback-sandbox example is now catched due to the changes in commit:
https://github.com/strongloop/loopback-datasource-juggler/commit/21c0067462f48210f156bb043cb4076e979ff94d
"Report deferred exceptions via callback"
But still validatePassword exceptions are not caught in User.create function it self and returned in cb.
For example if the create functions are wrapped in a dataSource.autoupdate function, the application crashes.
see updated loopback-sandbox example. https://github.com/cleas/loopback-sandbox/commit/fd0fd3369d433ca79e4130fbbb139436d2e8c192
cleas
on 2 Sep 2015
@cleas: I believe this should have been resolved in newer versions of LoopBack. Could you please confirm?
gunjpan
on 16 Aug 2016
Getting this error. while creation of user, it catches if there is any error. but, if i use updateAttributes function, throwing an uncaught exception. Can someone help?
vijay22sai
on 19 Oct 2016
When calling User.updateAttribute('password','someinvalidpassword',cb), User.validatePassword() exception is not passed to the callback, thus the application crashes.
Using [email protected]
Allan1
on 28 May 2017
Marking as P1 since many community members are still seeing this issue.
rashmihunt
on 28 Jun 2017
might be related to: https://github.com/strongloop/loopback/issues/251
dhmlau
on 5 Jul 2017
UPDATE: Nevermind, the problem still exists in updateAttribute.
I'm not sure if this is still an issue. Using [email protected], if i set the password to empty string, the error code is INVALID_PASSWORD.
Here is what I've tried:
boot/test.js:
module.exports = function(app) {
var user = app.models.User;
user.create({email: '[email protected]', password: ''}, (err, result)=> {
if (err) {
console.log('err.code = ', err.code);
console.log(err);
}
console.log('result = ', result);
});
};
Output:
err.code = INVALID_PASSWORD
{ [Error: Invalid password: ] code: 'INVALID_PASSWORD', statusCode: 422 }
Issue is fixed for all Loopback 2.x.x versions.
loay
on 21 Jul 2017
Related issues
Overdrivr
路
4Comments
bajtos
路
4Comments
daankets
路
4Comments
htmlauthor
路
3Comments
crandmck
路
3Comments