Closed marcus-sa closed 6 years ago
None of the built-in authentication tools call create
on the users service. It has to be somewhere in your code but I don't think the snippets show your entire setup. As I mentioned before, the best way to get help with things like this is to share a complete repository that can be cloned and reproduces the issue.
I'm going to close this but please feel free to reopen with a complete breaking example.
Whenever I try to authenticate through REST or socket, the create method on the user service gets called each time. That means the request body gets changed and the bcrypt compare method will actually try to validate the entered password which has been just hashed due to the create method getting called on the user service against the actual database password.
How come this happens?
Config:
User service:
Authentication service: