Login: remove temporary debug logging
Root cause for "invalid credentials" on correct password was a corrupt btree index (idx_users_email) causing user lookups to miss existing rows. Fixed by REINDEX DATABASE. Keeping a typed catch around passwords.verify() so any future verify throw is logged cleanly instead of bubbling as 500.
This commit is contained in:
parent
a8a3ade069
commit
9da529e593
1 changed files with 7 additions and 1 deletions
|
|
@ -309,7 +309,13 @@ router.post('/login', async (req, res) => {
|
|||
return res.status(401).json({ error: 'Invalid credentials' });
|
||||
}
|
||||
|
||||
var valid = await passwords.verify(password, user.password);
|
||||
var valid;
|
||||
try {
|
||||
valid = await passwords.verify(password, user.password);
|
||||
} catch (verifyErr) {
|
||||
console.error('[Auth] passwords.verify threw:', verifyErr.message);
|
||||
return res.status(500).json({ error: 'Request failed' });
|
||||
}
|
||||
if (!valid) {
|
||||
await db.run('INSERT INTO audit_log (user_id, action, ip_address) VALUES (?, ?, ?)', [user.id, 'login_failed', req.ip]).catch(function(){});
|
||||
return res.status(401).json({ error: 'Invalid credentials' });
|
||||
|
|
|
|||
Loading…
Reference in a new issue