Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not read user password from DB closes #232 #233

Merged
3 commits merged into from
Jun 2, 2021
Merged

Do not read user password from DB closes #232 #233

3 commits merged into from
Jun 2, 2021

Conversation

glutengo
Copy link
Contributor

No description provided.

@ghost
Copy link

ghost commented May 31, 2021
edited by ghost
Loading

I see that you have disabled encryption on typeORM. So we have to find an alternative way to obscure that value. Therefore the PR is not complete.

@glutengo
Copy link
Contributor Author

@amanganiello90 the change does not mean that the encryption is disabled. The change just means that whenever the user is read from the database, the password column is not included in the query. The password is still encrypted.

@ghost ghost linked an issue May 31, 2021 that may be closed by this pull request
Remove in query user api the unencrypted password exposed #232
Closed
@ghost ghost self-requested a review May 31, 2021 09:35
ghost
ghost suggested changes May 31, 2021
View reviewed changes
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You have to fix user e2e test on

generator-jhipster-nodejs/generators/server/templates/server/e2e/user.e2e-spec.ts.ejs

Line 29 in 058b1da

password: 'userTestLogin'

The test integration pipeline fails for that.

@glutengo
Copy link
Contributor Author

glutengo commented Jun 1, 2021

@amanganiello90 thank you for pointing out and apologies for not running them before submitting the PR!
I have made some adjustments which fixed the e2e tests for a nhipster project I generated on my local machine.

Is there any way to run the full pipeline on a local machine?

@ghost
Copy link

ghost commented Jun 1, 2021
edited by ghost
Loading

Hi @glutengo, you have to follows the steps of the integration-test yml files: https://github.com/jhipster/generator-jhipster-nodejs/tree/main/.github/workflows

They use the templates defined in https://github.com/jhipster/generator-jhipster-nodejs/tree/main/test-integration/samples .

The configuration are performed by .sh files in the upper folder.

@glutengo
Copy link
Contributor Author

glutengo commented Jun 2, 2021

@amanganiello90 should be good now, pipeline checks have passed

@ghost ghost merged commit 139a71b into jhipster:main Jun 2, 2021
@glutengo glutengo deleted the bug/issue-232 branch June 2, 2021 15:07
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove in query user api the unencrypted password exposed
1 participant
@glutengo