Logins broken with update from 3.1.1 -> 3.1.2/4.0.0

[ChrisHubinger]

Hi,

user.authenticate() logins do not work anymore with unmodified data & settings after updating from 3.1.1 to 3.1.2 or 4.0.0

needed to recreate passowrd to make it work again - major IMPACT please delete 3.1.2 from NPM in order to avoid people running into this issue.

thx,
Chris

[saintedlama]

Added a test in commit 3123649 to verify that the authenticate function is compatible to 3.0.0 versions. Tests are working fine with all node versions > 0.10 - could you check if you specify a digest algorithm argument? Will work on a fix for node 0.10 too.

[saintedlama]

Unpublished 3.1.2 and 3.1.1

[ChrisHubinger]

Hi,

No, we just used the iterations setting (that low to speedup test runs):

    UserSchema.plugin(passportLocalMongoose, {
        iterations: 5000
    });

[alejandromagnorsky]

If I update to v4.0.0, I can't login with existing users. Working with version 3.1.0 in the meantime.

[BrandonCopley]

It's because there was a bug that uses sha1 in that version, even though you thought it was defaulting to sha256. It's a silly error, and I am working on adding some features to this code (if the author lets me) so that we can upgrade our users without them seeing a "we reset your password" email.

[BrandonCopley]

UserSchema.plugin(passportLocalMongoose, {
    iterations: 5000,
    digestAlgorithm: 'sha1'
});

Should work.

[saintedlama]

As outlined by @BrandonCopley use a digestAlgorithm: 'sha1' for backward compatibility