AfterClass-io / afterclass.io-v2

[alpha] v2 of https://afterclass.io!
https://afterclass-io.vercel.app
MIT License

feat(auth): authenticate user with existing v1 credentials #128

Closed davidlhw closed 2 months ago

davidlhw commented 2 months ago

closes #114

Changes

Implementation

  1. check if the user exists in the db
  2. if the user exists, check if the user is using old credentials
  3. if the user has v1 credentials, run the authenticate fn (compareSync(...)).
  4. ... back to the nextauth authentication flow ...

Notes

some users have emails that are not in the supported email domain list. we will intentionally force a password reset with an email that's supported to remove such outliers (~2% of users)

Testing

Local only

  1. run prisma migrate reset to reset your local db
  2. run the app and head to the login page
  3. login with this user + password, generated from the script below (see #sanity-check)
    user: test_hash_pwd@smu.edu.sg
    pwd: P@ssw0rd
  4. login successfully

Sanity Check

to confirm the validity of my implementation, you can try:

```javascript
const bcrypt = require("bcrypt");

const saltRounds = 10; // irrelevant for us: the cost is read back from the stored hash
const pwd = "ExampleUnsafePassword!!!";
const hash = bcrypt.hashSync(pwd, saltRounds);

console.log(hash);
// something that looks like `$2b$10$PkCVxT6KrNlBnXQJvwg.8eviXHaOpTOB5hO8P0K0m/15rGORToOXi`

// compareSync re-hashes pwd with the salt and cost embedded in `hash` and compares
console.log(bcrypt.compareSync(pwd, hash)); // true
```

or you can ask for your currently live afterclass.io user's password digest and i can send it to you securely for your own sanity check
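
The flow described in this PR, written out as an added example that is not the project's own code: a NextAuth Credentials `authorize` step that checks the user exists, checks for a v1 hash, runs the bcrypt comparison, and sends users from unsupported email domains to a password reset. The user lookup, the comparator and the `SUPPORTED_DOMAINS` list are assumptions so the logic runs without Prisma; bcrypt is loaded only if it is installed.

```javascript
// Added example, not afterclass.io-v2 project code. The user lookup and the
// hash comparator are injected (assumption) so the flow runs without a db;
// bcrypt is used for the demo at the bottom only when it is installed.
let bcrypt = null;
try { bcrypt = require("bcrypt"); } catch (_) { /* caller injects `compare` */ }

// Assumed sign-in domain allow-list; other domains must reset under a supported email.
const SUPPORTED_DOMAINS = ["smu.edu.sg"];

function authorizeV1(credentials, deps) {
  const { findUserByEmail, compare, supportedDomains = SUPPORTED_DOMAINS } = deps;
  const email = String(credentials.email || "").trim().toLowerCase();
  const password = String(credentials.password || "");
  if (!email || !password) return { ok: false, reason: "invalid_credentials" };

  // Decided from the input alone, so it reveals nothing about stored accounts.
  const domain = email.slice(email.lastIndexOf("@") + 1);
  if (!supportedDomains.includes(domain)) return { ok: false, reason: "reset_required" };

  const user = findUserByEmail(email);
  // Unknown user, no v1 hash (e.g. an OAuth-only account) and wrong password all
  // collapse into one generic failure so the response does not say which applied.
  if (!user || !user.v1PasswordHash) return { ok: false, reason: "invalid_credentials" };
  if (!compare(password, user.v1PasswordHash)) return { ok: false, reason: "invalid_credentials" };

  // NextAuth only needs a minimal user object; the hash never leaves this function.
  return { ok: true, user: { id: user.id, email: user.email } };
}

// Constructed in-memory stand-in for the Prisma user table (assumption).
function makeDeps(users, compare) {
  return { findUserByEmail: (e) => users.find((u) => u.email === e) || null, compare };
}

// Stand-alone demo with the PR's test user; runs only when bcrypt is installed.
if (bcrypt) {
  const users = [{ id: "u1", email: "test_hash_pwd@smu.edu.sg",
                   v1PasswordHash: bcrypt.hashSync("P@ssw0rd", 10) }];
  const deps = makeDeps(users, (p, h) => bcrypt.compareSync(p, h));
  console.log(authorizeV1({ email: "test_hash_pwd@smu.edu.sg", password: "P@ssw0rd" }, deps));
  console.log(authorizeV1({ email: "test_hash_pwd@smu.edu.sg", password: "wrong" }, deps));
}
```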

vercel[bot] commented 2 months ago

The latest updates on your projects.

| Name | Status | Updated (UTC) |
| --- | --- | --- |
| afterclass-io-v2 | ✅ Ready | May 22, 2024 4:18pm |