How to properly change user object #653
Comments
|
Have you tried something like: router.put('/users/:id', auth.isAuthenticated(), controller.update);in your |
|
Mhm i guess yes you misunderstand the problem ;) You know let's say i fetch a user object via mongoose and the call save() on that very same object, it would rehash the password. Maybe it is feasible to exclude the password from the query result, but on the other hand this might be lead to problems when you actually need the password. I can close this issue if you think this is not really a problem, but at least i spend some time figuring out why the password hash changed everytime i did some actions on the website. |
|
Is the problem related to #569 [and the other issues mentioned there]? |
|
Good catch! Yes you are right, i guess i should then close this issue. But at least i now know i'm not the only one with this problem/question :) |
Let's say i have a field for the user model called "fullname".
If i now get the user object by req.user, change req.user.fullname and call user.save(...) the password hash will rehashed, resulting that the password is garbesh and not valid anymore.
Of course i could manually remove the password field everytime before i save the user object (because the pre save hook for "save" checks whether this field is there or not). Also only updating the field via User.update(...) is possible. However maybe there are better ways how to handle that. Can the field per default be omittet? So that is must be set explicity if one want to change the password?
The text was updated successfully, but these errors were encountered: