Cannot authorise Argon2 on NodeJS (4.4.5)

bpj · December 16, 2021, 7:34pm

Wappler Version : 4.4.5
Operating System : Mac Monterey (M1)
Server Model: NodeJS
Database Type: MySQL
Hosting Type: Docker

I’ve just updated to 4.4.5 and a project I have been working on that uses Argon with NodeJS has suddenly stopped allowing login. No matter what I do I get 401 Unauthorised.

This project was working as long as I added "argon2": "^0.28.3" to the package.json file and redpeloyed.

Since updating, I get 401 response even when using the correct credentials. I have validated that the credentials are correct by trying multiple times and also using the same credentials on the production target that hasn’t yet received the update which worked fine.

None of the field references in users and permissions or the data bindings in the login step have been adjusted, just the update to 4.4.5. The Security Provider is still ticked for using password hash and the stored password is argon format.

I looked in the package.json and argon2 wasn’t listed under dependencies so I added it and redeployed but no luck, I still get 401 Unauthorised.

George · December 16, 2021, 7:43pm

Are the hashes really stored as argon2 hashes in the database? They should start with $ sign

bpj · December 16, 2021, 8:02pm

Yes. They have been working fine until 4.4.5

George · December 16, 2021, 8:11pm

But if you check the password hashes in the database do they really start with $ ?

George · December 16, 2021, 8:16pm

unzip and place this database.js in /lib/auth and let me know if it works:

…

George · December 16, 2021, 8:20pm

Sorry was a small error, try this one:

database.zip (833 Bytes)

bpj · December 16, 2021, 8:25pm

That does the job!

Thanks George

Teodor · January 21, 2022, 10:00am

This has been fixed in Wappler 4.5

Teodor · January 22, 2022, 4:00pm

This topic was automatically closed after 30 hours. New replies are no longer allowed.