Hi guys,

I'm noticing a serious problem which leads to the unwilling alteration of user passwords.

From a custom endpoint i fetch a user, then set a property on it and save it back. The effect is that the user's password gets changed (maybe set to empty?).



My code:

var userCollection = collectionAccess.collection('user');

//...... updated_user comes from a userCollection.find(), then is stored in a dict

updated_user.sched_visited_at = new Date();

userCollection.save(updated_user, function(err, objectThatWasSaved) {

if (err) {

response.body.debug = err;

response.complete(500);

}

});



How is it even possible to change a user password other than reseting it from apis?

Needless to say that I was doing this in a loop for all my users... :-(

Please advice.

Thx!

Hi,

Is anyone able to save user entities from BL without messing their passwords?

Thx.

Good morning V3ga, It seems as though you're having the same issue as another user. Can you take a peek at this forum topic (https://support.kinvey.com/discussion/201272567/invalid-credentials-after-i-run-an-user-update-from-a-custom-endpoint#latest ) and the response from our engineer Gal and see if that helps explain / solve your issue? Thanks,

Thx Damien! It does. Best regards, V3ga > @Damien said: > Good morning V3ga, > > It seems as though you're having the same issue as another user. Can you take a peek at this forum topic (https://support.kinvey.com/discussion/201272567/invalid-credentials-after-i-run-an-user-update-from-a-custom-endpoint#latest ) and the response from our engineer Gal and see if that helps explain / solve your issue? > > Thanks,

No worries V3ga, Best of luck