Registering call with attribute "hash" instead of "password" possible but saves hash in plaintext
christianfl opened this issue · 0 comments
christianfl commented
Hey! Thanks for this nice API, love it!
I noticed the following behaviour:
POST to localhost:4000/users/register
with:
{
  "username": "test0",
  "firstName": "firstname",
  "lastName": "lastName"
}
gives the answer:
{
  "message": "User validation failed: hash: Path `hash` is required."
}
This should be "password" not hash, shouldn't it?
If I attach the attribute hash like:
{
  "username": "test0",
  "firstName": "firstname",
  "lastName": "lastName",
  "hash": "plainHash"
}
the user is successfully registered in the API. But the hash field looks like "hash" : "plainHash" in the MongoDB. Therefore logging in is impossible.
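The report above matches a registration handler that copies the request body into the user document, so a client-supplied `hash` satisfies the required field and is stored verbatim. The following is an added example, not the project's code: that cause is an assumption, the function names are hypothetical, and scrypt from Node's standard library stands in for whatever hashing the project uses.

```javascript
const crypto = require('crypto');

// Fields a client may set at registration (taken from the request in the issue).
const CLIENT_FIELDS = ['username', 'firstName', 'lastName'];

// Stored format (constructed for this example): saltHex:derivedKeyHex.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${key.toString('hex')}`;
}

// Returns false for anything that is not a well-formed stored hash,
// which is why a verbatim "plainHash" can never log in.
function verifyPassword(password, stored) {
  const [saltHex, keyHex] = String(stored).split(':');
  if (!saltHex || !keyHex) return false;
  const key = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), 32);
  const expected = Buffer.from(keyHex, 'hex');
  return expected.length === key.length && crypto.timingSafeEqual(key, expected);
}

// Assumed cause of the reported behaviour: the whole body is copied, so
// "hash" from the client is kept when no "password" is sent.
function buildUserUnsafe(body) {
  const doc = { ...body };
  delete doc.password;
  if (body.password) doc.hash = hashPassword(body.password);
  return doc;
}

// Hardened form: require "password" at the API boundary, copy only
// allowlisted fields, and derive "hash" on the server.
function buildUserSafe(body) {
  if (typeof body.password !== 'string' || body.password.length === 0) {
    throw new Error('password is required');
  }
  const doc = {};
  for (const field of CLIENT_FIELDS) {
    if (typeof body[field] === 'string') doc[field] = body[field];
  }
  doc.hash = hashPassword(body.password);
  return doc;
}
```

With the hardened builder, the first request in the issue fails with a message naming `password` rather than the internal `hash` path, and the second request's `hash` attribute is ignored.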