Argon2 Failing Again

sid · January 29, 2022, 4:44pm

Wappler Version : 4.4.5
Operating System : W10
Server Model: NodeJS
Database Type: MySQL

Continuing the discussion from our earlier post: Argon2 Secure Login - 401 Error
Getting same error as before. Argon hash stored in the DB seems correct. But when entering the actual password, it fails with 401.

As suggested in previous post, I have re-created the lib folder. I have also installed/updated/cleaned packages. But no luck.

This time, entering the hash from DB in password field does not work either… so something else is breaking this time.
Please help.

Teodor · January 29, 2022, 9:49pm

Maybe post some screenshots showing how are the security/login steps setup in server connect.

sid · January 30, 2022, 1:06am

Similar to as shown in the docs. Only difference is my server action for Signup has a couple more steps - irrelevant to Argon. Security restrict and login same as in doc.

I checked the logs as well, and there is no error being shown.

sid · January 30, 2022, 4:41am

Security Restrict

Signup

Login

sid · January 30, 2022, 5:01am

Found the bug, by comparing database.js file from another project where Argon2 is working.
Line 23:

if (passwordVerify && password.startsWith('$')) {

Should instead be:

if (passwordVerify && result[this.users.password].startsWith('$')) {

I have tried deleting and letting Wappler recreate the database.js file, but it still created the incorrect file. Changing this to Bug.

Teodor · January 30, 2022, 6:51am

Sid, this has been fixed in an Update in December 2021 and should be just fine in the latest versions.

sid · January 30, 2022, 6:52am

There still seems to be an issue with how Wappler updates its lib files.

Teodor · January 30, 2022, 7:05am

There are no issues with that, i just tested with the latest version and the code in the database.js is just as expected:

if (passwordVerify && result[this.users.password].startsWith('$')) {

Please update to the latest version.

sid · January 30, 2022, 7:15am

You are missing the point. The point here is that Wappler is failing to update the file when upgrading project from an older version of Wappler to newer.
I don’t see any changes with regards to the way Wappler updates its files in 4.5.0 & 4.5.1, given that I am on 4.4.5. So updating to latest version will not do anything.

Also, this change was actually done in 4.4.5 as you have pointed in my previous post: Argon2 Secure Login - 401 Error.
So Wappler should have updated the file when lib was deleted and re-created automatically since I am on 4.4.5.

If you chose to ignore it, nothing I can do about it. I have reported the issue that I have been able to reproduce reliably.

karh · February 15, 2022, 10:10am

Thank you so much for posting this solution @sid !

This fixed my issue from this thread Node Argon2 login unauthorized?

I confirm it’s a bug: I am on the latest wappler version (4.5.3).

lighthouseit · February 23, 2022, 10:53am

I can confirm I am experiencing this bug with a project I’m currently working on.
I have just updated to Wappler V4.6.1 for reference.

Thanks a million for the fix @sid!