Merge pull request #5043 from nocodb/fix/bcrypt-hash-null-salt

fix(nocodb): prevent from hashing a null salt

packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts

@@ -207,6 +207,13 @@ export function initStrategies(router): void {
           if (!user) {
             return done({ msg: `Email ${email} is not registered!` });
           }
+
+          if (!user.salt) {
+            return done({
+              msg: `Please sign up with the invite token first or reset the password by clicking Forgot your password.`,
+            });
+          }
+
           const hashedPassword = await promisify(bcrypt.hash)(
             password,
             user.salt

packages/nocodb/src/lib/v1-legacy/gql/GqlAuthResolver.ts

@@ -162,7 +162,11 @@ export default class GqlAuthResolver {
             if (!user) {
               return done({ msg: `Email ${email} is not registered!` });
             }
-
+            if (!user.salt) {
+              return done({
+                msg: `Please sign up with the invite token first or reset the password by clicking Forgot your password.`,
+              });
+            }
             const hashedPassword = await promisify(bcrypt.hash)(
               password,
               user.salt

packages/nocodb/src/lib/v1-legacy/rest/RestAuthCtrl.ts

@@ -334,6 +334,11 @@ export default class RestAuthCtrl {
             if (!user) {
               return done({ msg: `Email ${email} is not registered!` });
             }
+            if (!user.salt) {
+              return done({
+                msg: `Please sign up with the invite token first or reset the password by clicking Forgot your password.`,
+              });
+            }
             const hashedPassword = await promisify(bcrypt.hash)(
               password,
               user.salt