allow user to be logged in if user has credentials from v1
Implementation
check if user exist in db
if user exist, check if user is using old credentials
if user has v1 credentials, run authenticate fn (compareSync(...)).
... back to nextauth authentication flow ...
Notes
some users have emails that are not in the supported email domain list. we will intentionally force password reset with an email that's supported to remove such outliers (~2%) of users
Testing
Local only
run prisma migrate reset to reset your local db
run the app and head to the login page
login with this user + password, generated from the script below (see #sanity-check)
user: test_hash_pwd@smu.edu.sg
pwd: P@ssw0rd
login successfully
Sanity Check
to confirm the validity of my implementation, you can try:
const bcrypt = require("bcrypt");
const saltRounds = 10; // irrelevant for us
const pwd = "ExampleUnsafePassword!!!";
const hash = bcrypt.hashSync(pwd, saltRounds);
console.log(hash);
// something that looks like `$2b$10$PkCVxT6KrNlBnXQJvwg.8eviXHaOpTOB5hO8P0K0m/15rGORToOXi`
console.log(bcrypt.compareSync(pwd, hash)); // true
or you can ask for your currently live afterclass.io user's password digest and i can send it to you securely for your own sanity check
closes #114
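An added sketch of the login decision this description outlines, not code from the PR: it validates that a stored value is a well-formed bcrypt digest before taking the v1 path. The `passwordDigest` field, the domain list, the route labels and the point at which the forced reset happens are all assumptions, and `compare` stands in for `bcrypt.compareSync`.

```javascript
// Added example. Field names, route labels and the domain list are assumptions.
const SUPPORTED_DOMAINS = ["smu.edu.sg"]; // assumed; the real list is not shown in the PR

// bcrypt modular-crypt format:
//   $2a|2b|2y$ + two-digit cost + $ + 22-char salt + 31-char hash  (60 chars total)
const BCRYPT_RE = /^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Returns the parsed parts of a bcrypt digest, or null if the value is malformed.
function parseBcryptDigest(digest) {
  const m = typeof digest === "string" ? BCRYPT_RE.exec(digest) : null;
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // outside bcrypt's valid cost range
  return { version: m[1], cost, salt: m[3], hash: m[4] };
}

// Decides which path a login attempt takes.
// `compare(password, digest)` is injected (bcrypt.compareSync in the app),
// so the routing can be exercised without the native module.
function routeLogin(user, password, compare) {
  if (!user) return "reject"; // unknown user: same outcome as a wrong password

  // Accounts outside the supported domains are sent to a password reset
  // (assumed here to happen before any credential check).
  const domain = user.email.slice(user.email.lastIndexOf("@") + 1).toLowerCase();
  if (!SUPPORTED_DOMAINS.includes(domain)) return "force-reset";

  // Only a well-formed bcrypt digest is treated as a v1 credential;
  // anything else never reaches compare() and continues in the normal flow.
  if (!parseBcryptDigest(user.passwordDigest)) return "nextauth";

  return compare(password, user.passwordDigest) ? "v1-ok" : "reject";
}
```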