fix: use nocodb.get() after list() for auth — list may omit fields
All checks were successful
Deploy / deploy (push) Successful in 11s
All checks were successful
Deploy / deploy (push) Successful in 11s
NocoDB list endpoint doesn't always return all fields (e.g. password_hash). Use list() to find by email/token, then get() to fetch the full record with all fields. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
fahed
@@ -620,7 +620,10 @@ app.post('/api/auth/login', async (req, res) => {
|
||||
|
||||
try {
|
||||
const users = await nocodb.list('Users', { where: `(email,eq,${sanitizeWhereValue(email)})`, limit: 1 });
|
||||
const user = users[0];
|
||||
if (users.length === 0) return res.status(401).json({ error: 'Invalid email or password' });
|
||||
|
||||
// nocodb.list() may not return all fields — fetch full record
|
||||
const user = await nocodb.get('Users', users[0].Id);
|
||||
if (!user || !user.password_hash) return res.status(401).json({ error: 'Invalid email or password' });
|
||||
|
||||
const valid = await bcrypt.compare(password, user.password_hash);
|
||||
@@ -709,7 +712,8 @@ app.post('/api/auth/reset-password', async (req, res) => {
|
||||
const users = await nocodb.list('Users', { where: `(reset_token,eq,${tokenHash})`, limit: 1 });
|
||||
if (users.length === 0) return res.status(400).json({ error: 'Invalid or expired reset token' });
|
||||
|
||||
const user = users[0];
|
||||
// nocodb.list() may not return all fields — fetch full record
|
||||
const user = await nocodb.get('Users', users[0].Id);
|
||||
if (!user.reset_token_expires || new Date(user.reset_token_expires) < new Date()) {
|
||||
return res.status(400).json({ error: 'Invalid or expired reset token' });
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user