manohar/tia
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(admin): use bcrypt in admin password set to match signin verification

Browse source 
Simple hash_ format stored by admin PATCH was incompatible with bcrypt
verification in /api/auth/signin, causing "Invalid password" on login.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Manohar Gupta 2026-05-17 12:57:33 +05:30
parent 6ce459e4f6
commit 50a6827bfd
1 changed files with 2 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/app/api/admin/users/route.ts
View file

@ -1,6 +1,7 @@
import { NextResponse } from "next/server";
import { requireAdmin } from "@/lib/admin-auth";
import { sql } from "@/db";
import bcrypt from "bcryptjs";
// GET all users
export async function GET(request: Request) {
@ -100,19 +101,8 @@ export async function PATCH(request: Request) {
return NextResponse.json({ error: "userId required" }, { status: 400 });
}
// Simple hash function
function hashPassword(pwd: string): string {
let hash = 0;
for (let i = 0; i < pwd.length; i++) {
const char = pwd.charCodeAt(i);
hash = ((hash << 5) - hash) + char;
hash = hash & hash;
}
return "hash_" + hash.toString(16);
}
if (password) {
const passwordHash = hashPassword(password);
const passwordHash = await bcrypt.hash(password, 12);
await sql`
UPDATE users SET password_hash = ${passwordHash}, password_updated_at = NOW(), updated_at = NOW()
WHERE id = ${userId}