16 replies

HaveIBeenPwned creates user anyway

I tried integrating the new haveIBeenPwned() plugin and found out that users are created, even if the password is marked as pwned.

{code: "THE_PASSWORD_YOU_ENTERED_HAS_BEEN_COMPROMISED_PLEASE_CHOOSE_A_DIFFERENT_PASSWORD", message: "The password you entered has been compromised. Please choose a different password.", status: 400, statusText: "Bad Request"}

{code: "THE_PASSWORD_YOU_ENTERED_HAS_BEEN_COMPROMISED_PLEASE_CHOOSE_A_DIFFERENT_PASSWORD", message: "The password you entered has been compromised. Please choose a different password.", status: 400, statusText: "Bad Request"}

1. code = message? (I think it's good to customize the code in addition to the message for localization purposes)
2. The user is created in the database anyways

Solution

npm i https://pkg.pr.new/better-auth/better-auth@2253

npm i https://pkg.pr.new/better-auth/better-auth@2253

Jump to solution

Better Auth•11mo ago•

16 replies

Jan

HaveIBeenPwned creates user anyway

I tried integrating the new haveIBeenPwned() plugin and found out that users are created, even if the password is marked as pwned.

{code: "THE_PASSWORD_YOU_ENTERED_HAS_BEEN_COMPROMISED_PLEASE_CHOOSE_A_DIFFERENT_PASSWORD", message: "The password you entered has been compromised. Please choose a different password.", status: 400, statusText: "Bad Request"}

{code: "THE_PASSWORD_YOU_ENTERED_HAS_BEEN_COMPROMISED_PLEASE_CHOOSE_A_DIFFERENT_PASSWORD", message: "The password you entered has been compromised. Please choose a different password.", status: 400, statusText: "Bad Request"}

1. code = message? (I think it's good to customize the code in addition to the message for localization purposes)
2. The user is created in the database anyways

Solution

npm i https://pkg.pr.new/better-auth/better-auth@2253

npm i https://pkg.pr.new/better-auth/better-auth@2253

Jump to solution

HaveIBeenPwned creates user anyway

Similar Threads

HaveIBeenPwned creates user anyway

Similar Threads

Similar Threads

Similar Threads