Password field 'safe' in mongoose

jaredhanson / passport-local

Username and password authentication strategy for Passport and Node.js.

https://www.passportjs.org/packages/passport-local/?utm_source=github&utm_medium=referral&utm_campaign=passport-local&utm_content=about

MIT License

2.74k stars 498 forks source link

Password field 'safe' in mongoose #108

Closed Evanion closed 9 years ago

Evanion commented 9 years ago

Hello It doesn't seem like passport-local is able to validate the password, when the field is marked as 'safe' in the schema, as soon as we remove the 'safe' tag, the validation works. Are we missing some configuration in passport-local to make it specifically request that field from mongoose?

jaredhanson commented 9 years ago

passport-local does not validate passwords. It invokes the verify callback that your applications supplies. If this is an issue, it is with application-provided code, not this package.