Argon2 Secure Login - 401 Error

Continuing the discussion from Using Argon2 Secure Hashes:

I’m trying to implement the latest Argon2 on an existing NodeJS project, following the doc above.
When creating an account, it all works fine. I can see the Argon2 hash in the DB.
When logging in, if I input plain text password, it fails with 401. But if I put in Argon2 hash copied from the DB, I get logged in.
I have the verify option enabled in security provider.
Have gone through the docs multiple time, not sure what I am missing. My setup is pretty much a copy of what the docs says. We are using PostgreSQL.

Please help.

When you open the security provider in code view, do you see in "passwordVerify": true in the options {} ?

Yes.

If the password hash verify is on, then this won’t work like that. From your explanation it sounds like the security provider is not verifying hashes but just comparing strings.
Maybe try setting up the security provider again also make sure the login action uses the correct security provider.

Deleted existing “security” named security provider. Created a new “securityArgon” provider. Same behaviour.
Also checked the Wappler output console, no errors.

Perhaps not all the files in the lib folder are up-to-date. Delete the lib folder and then resave a server action, it should then copy new files.

Perfect, that worked. Should have thought of that.

This has been happenning quite a lot lately. Have read numerous posts where this has been the issue.
Maybe there’s some bug here which can be tackled with the new project updater?

Found the cause @sid, see:

1 Like

That’s great! Thanks for the update. :slight_smile:

This has been fixed in Wappler 4.4.5

This topic was automatically closed after 47 hours. New replies are no longer allowed.