HaveIBeenPwned creates user anyway
I tried integrating the new haveIBeenPwned() plugin and found out that users are created, even if the password is marked as pwned.
{code: "THE_PASSWORD_YOU_ENTERED_HAS_BEEN_COMPROMISED_PLEASE_CHOOSE_A_DIFFERENT_PASSWORD", message: "The password you entered has been compromised. Please choose a different password.", status: 400, statusText: "Bad Request"}
1. code = message? (I think it's good to customize the code in addition to the message for localization purposes)
2. The user is created in the database anyways
I'll look into this.
@Jan-Nicklas are you able to log in after the error?
@KiNFiSH No. I just checked and the account is not created, but the user is. So you can't log in but also can't create a user with the same email/username
Ya got the same issue
fixed
lemme send test npm build
Solution
npm i https://pkg.pr.new/better-auth/better-auth@2253
check this one and lemme know if it works
That works, no entry is created in the user or verification table 👍
will merge it. thanks
I also created a PR for the error code:
https://github.com/better-auth/better-auth/pull/2255
fix(haveIBeenPwned): Meaningful error code by JE4GLE · Pull Reques...
In my humble opinion, THE_PASSWORD_YOU_ENTERED_HAS_BEEN_COMPROMISED_PLEASE_CHOOSE_A_DIFFERENT_PASSWORD is not a valid error code.
Error codes should be short and are not required the be understand ...
It has already been fixed alongside that
Thanks for the help
@KiNFiSH Where is the fix for the error code? Your PR I just tested returns:
try 1.2.7-beta.1
should fix both