murraco/spring-boot-jwt

Can not login after changing password

ahsan-storm opened this issue · 4 comments

If I update the password of a user, I can not login again with that user. I'm using the same BCryptPasswordEncoder to update the password which is being used in the signUp request at the time of user creation. Any pointers?

Hi @ahsan-storm, how exactly are you trying to update the password?

Hello @murraco, I'm trying to update the User object via PUT request. It's nothing special, just updating the password field in the user model object like this:

public UserResponse updateUserPassword(UserUpdateRequest request) {
    User user = userRepository.getOne(request.getId());
    // encodes user.getPassword(), i.e. the value already stored on the entity
    user = userRepository.save(user.toBuilder()
        .password(passwordEncoder.encode(user.getPassword()))
        .build());

    return modelMapper.map(user, UserResponse.class);
}

After the update is made, I can't login/signin with this user. Tried both old/new password. Checked user table in database, it seems to generate a new hash password and save it correctly.

I think your code is wrong: you're re-encoding the current password by using user.getPassword() as your new password right after you've retrieved your user.

Try doing something like this instead:

// newPassword is the raw password taken from the update request, not the stored hash
user.setPassword(passwordEncoder.encode(newPassword));
userRepository.save(user);

Also, ideally you should move this logic into UserService and look at how to get the current user in the whoami method.
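To make the failure mode concrete, here is an added example that is not part of this issue or of the spring-boot-jwt project. A small PBKDF2-based encoder (constructed here) stands in for BCryptPasswordEncoder: like BCrypt it salts every encode() call, so the only way to verify is matches(). The buggy_update function reproduces the bug from the issue, encoding the hash already stored on the entity instead of the raw password from the request; correct_update is the fix the maintainer describes. The sample passwords are constructed values.

```python
import base64
import hashlib
import hmac
import os


class Pbkdf2PasswordEncoder:
    """Stand-in for Spring's BCryptPasswordEncoder (constructed for this example).

    encode() uses a fresh random salt each time, so the same password never
    encodes to the same string; verification must go through matches().
    """

    ITERATIONS = 100_000

    def encode(self, raw_password: str) -> str:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", raw_password.encode(), salt, self.ITERATIONS)
        return "pbkdf2$%s$%s" % (
            base64.b64encode(salt).decode(),
            base64.b64encode(digest).decode(),
        )

    def matches(self, raw_password: str, encoded: str) -> bool:
        scheme, salt_b64, digest_b64 = encoded.split("$")
        if scheme != "pbkdf2":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        actual = hashlib.pbkdf2_hmac("sha256", raw_password.encode(), salt, self.ITERATIONS)
        # constant-time comparison, as a real encoder's matches() does
        return hmac.compare_digest(actual, expected)


def buggy_update(encoder, stored_hash: str, new_password: str) -> str:
    # Mirrors the issue: the request's new password is ignored and the hash
    # already stored on the entity is encoded again (a hash of a hash).
    return encoder.encode(stored_hash)


def correct_update(encoder, stored_hash: str, new_password: str) -> str:
    # The fix: encode the raw password supplied in the update request.
    return encoder.encode(new_password)


def demo() -> dict:
    encoder = Pbkdf2PasswordEncoder()
    old_pw, new_pw = "old-secret", "new-secret"  # constructed sample passwords
    stored = encoder.encode(old_pw)               # what signUp would have saved

    buggy = buggy_update(encoder, stored, new_pw)
    fixed = correct_update(encoder, stored, new_pw)

    return {
        # neither the old nor the new password logs in after the buggy update ...
        "buggy_matches_old": encoder.matches(old_pw, buggy),
        "buggy_matches_new": encoder.matches(new_pw, buggy),
        # ... because the "password" that was encoded is the old hash string itself
        "buggy_matches_hash": encoder.matches(stored, buggy),
        "fixed_matches_old": encoder.matches(old_pw, fixed),
        "fixed_matches_new": encoder.matches(new_pw, fixed),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The buggy_matches_hash result is the tell: after the faulty update the database row still holds a valid hash, which is why the table "looks correct", but the only input that would verify against it is the previous hash string, which no user types at login.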

Ahhh, you're right. Instead of using the password from request, I was encoding already existing hash password from user. Can't believe I missed it! Thanks for the help. Closing the issue!