Start a new topic

User's password unwillingly changed by business logic call

Hi guys,

I'm noticing a serious problem which leads to the unwilling alteration of user passwords.

From a custom endpoint i fetch a user, then set a property on it and save it back. The effect is that the user's password gets changed (maybe set to empty?).



My code:

var userCollection = collectionAccess.collection('user');

//...... updated_user comes from a userCollection.find(), then is stored in a dict

updated_user.sched_visited_at = new Date();

userCollection.save(updated_user, function(err, objectThatWasSaved) {

if (err) {

response.body.debug = err;

response.complete(500);

}

});



How is it even possible to change a user password other than reseting it from apis?

Needless to say that I was doing this in a loop for all my users... :-(

Please advice.

Thx!








No worries V3ga, Best of luck
Thx Damien! It does. Best regards, V3ga > @Damien said: > Good morning V3ga, > > It seems as though you're having the same issue as another user. Can you take a peek at this forum topic (https://support.kinvey.com/discussion/201272567/invalid-credentials-after-i-run-an-user-update-from-a-custom-endpoint#latest ) and the response from our engineer Gal and see if that helps explain / solve your issue? > > Thanks,
Good morning V3ga, It seems as though you're having the same issue as another user. Can you take a peek at this forum topic (https://support.kinvey.com/discussion/201272567/invalid-credentials-after-i-run-an-user-update-from-a-custom-endpoint#latest ) and the response from our engineer Gal and see if that helps explain / solve your issue? Thanks,
Hi,

Is anyone able to save user entities from BL without messing their passwords?

Thx.
Login or Signup to post a comment