fahed/marketing-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: use nocodb.get() after list() for auth — list may omit fields
All checks were successful
Deploy / deploy (push) Successful in 11s
Details

Browse Source 
NocoDB list endpoint doesn't always return all fields (e.g.
password_hash). Use list() to find by email/token, then get()
to fetch the full record with all fields.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
fahed
2026-03-04 12:33:36 +03:00
parent fa6345f63e
commit 7c6e8dce08
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/server.js
View File

@@ -620,7 +620,10 @@ app.post('/api/auth/login', async (req, res) => {
try {
const users = await nocodb.list('Users', { where: `(email,eq,${sanitizeWhereValue(email)})`, limit: 1 });
const user = users[0];
if (users.length === 0) return res.status(401).json({ error: 'Invalid email or password' });
// nocodb.list() may not return all fields — fetch full record
const user = await nocodb.get('Users', users[0].Id);
if (!user || !user.password_hash) return res.status(401).json({ error: 'Invalid email or password' });
const valid = await bcrypt.compare(password, user.password_hash);
@@ -709,7 +712,8 @@ app.post('/api/auth/reset-password', async (req, res) => {
const users = await nocodb.list('Users', { where: `(reset_token,eq,${tokenHash})`, limit: 1 });
if (users.length === 0) return res.status(400).json({ error: 'Invalid or expired reset token' });
const user = users[0];
// nocodb.list() may not return all fields — fetch full record
const user = await nocodb.get('Users', users[0].Id);
if (!user.reset_token_expires || new Date(user.reset_token_expires) < new Date()) {
return res.status(400).json({ error: 'Invalid or expired reset token' });
}