From 83eed319d8c0b3560e9fa8b59682ea9683e06d39 Mon Sep 17 00:00:00 2001
From: Wing-Kam Wong
Date: Mon, 6 Feb 2023 13:59:34 +0800
Subject: [PATCH 1/2] fix(nocodb): prevent from hashing a null salt

---
 packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts | 7 +++++++
 packages/nocodb/src/lib/v1-legacy/gql/GqlAuthResolver.ts | 6 +++++-
 packages/nocodb/src/lib/v1-legacy/rest/RestAuthCtrl.ts | 5 +++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts b/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts
index c513adb559..be6ee74fbf 100644
--- a/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts
+++ b/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts
@@ -207,6 +207,13 @@ export function initStrategies(router): void {
 if (!user) {
 return done({ msg: `Email ${email} is not registered!` });
 }
+
+ if (!user.salt) {
+ return done({
+ msg: `Please sign up with the invite token first!`,
+ });
+ }
+
 const hashedPassword = await promisify(bcrypt.hash)(
 password,
 user.salt
diff --git a/packages/nocodb/src/lib/v1-legacy/gql/GqlAuthResolver.ts b/packages/nocodb/src/lib/v1-legacy/gql/GqlAuthResolver.ts
index 98b413bb28..0ef9902abe 100644
--- a/packages/nocodb/src/lib/v1-legacy/gql/GqlAuthResolver.ts
+++ b/packages/nocodb/src/lib/v1-legacy/gql/GqlAuthResolver.ts
@@ -162,7 +162,11 @@ export default class GqlAuthResolver {
 if (!user) {
 return done({ msg: `Email ${email} is not registered!` });
 }
-
+ if (!user.salt) {
+ return done({
+ msg: `Please sign up with the invite token first!`,
+ });
+ }
 const hashedPassword = await promisify(bcrypt.hash)(
 password,
 user.salt
diff --git a/packages/nocodb/src/lib/v1-legacy/rest/RestAuthCtrl.ts b/packages/nocodb/src/lib/v1-legacy/rest/RestAuthCtrl.ts
index 00a85d4ef6..b47d108cda 100644
--- a/packages/nocodb/src/lib/v1-legacy/rest/RestAuthCtrl.ts
+++ b/packages/nocodb/src/lib/v1-legacy/rest/RestAuthCtrl.ts
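Review bot: The added `if (!user.salt)` branch in initStrategies.ts gives the login callback one more distinguishable failure message, so an unauthenticated caller can tell an invited account that has no password yet apart from an unknown email (which already gets `Email ${email} is not registered!`). Account state is better kept out of the response: return the same generic failure the wrong-password path uses and record the specific reason in the server log, for example `return done({ msg: 'Invalid email or password' });` (wording constructed here; the real wrong-password message is outside this hunk). The identical branch is added in the GqlAuthResolver.ts and RestAuthCtrl.ts hunks of this patch, so the same applies there. The enclosing strategy callback starts and ends outside the hunk.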
@@ -334,6 +334,11 @@ export default class RestAuthCtrl {
 if (!user) {
 return done({ msg: `Email ${email} is not registered!` });
 }
+ if (!user.salt) {
+ return done({
+ msg: `Please sign up with the invite token first!`,
+ });
+ }
 const hashedPassword = await promisify(bcrypt.hash)(
 password,
 user.salt

From a1473ddec7e569dde1ec203cab9ec35ab30e410f Mon Sep 17 00:00:00 2001
From: Wing-Kam Wong
Date: Mon, 6 Feb 2023 16:19:25 +0800
Subject: [PATCH 2/2] chore(nocodb): update msg in initStrategies.ts

---
 packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts | 2 +-
 packages/nocodb/src/lib/v1-legacy/gql/GqlAuthResolver.ts | 2 +-
 packages/nocodb/src/lib/v1-legacy/rest/RestAuthCtrl.ts | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts b/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts
index be6ee74fbf..b40f2c58d1 100644
--- a/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts
+++ b/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts
@@ -210,7 +210,7 @@ export function initStrategies(router): void {
 
 if (!user.salt) {
 return done({
- msg: `Please sign up with the invite token first!`,
+ msg: `Please sign up with the invite token first or reset the password by clicking Forgot your password.`,
 });
 }
 
diff --git a/packages/nocodb/src/lib/v1-legacy/gql/GqlAuthResolver.ts b/packages/nocodb/src/lib/v1-legacy/gql/GqlAuthResolver.ts
index 0ef9902abe..de1034e6fb 100644
--- a/packages/nocodb/src/lib/v1-legacy/gql/GqlAuthResolver.ts
+++ b/packages/nocodb/src/lib/v1-legacy/gql/GqlAuthResolver.ts
@@ -164,7 +164,7 @@ export default class GqlAuthResolver {
 }
 if (!user.salt) {
 return done({
- msg: `Please sign up with the invite token first!`,
+ msg: `Please sign up with the invite token first or reset the password by clicking Forgot your password.`,
 });
 }
 const hashedPassword = await promisify(bcrypt.hash)(
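Review bot: The new `msg` literal in the initStrategies.ts hunk of PATCH 2/2 is repeated character-for-character in GqlAuthResolver.ts and RestAuthCtrl.ts, and this commit had to touch all three files to change one sentence. A single shared constant imported by the three login paths would keep them from drifting, for example `export const MSG_PASSWORD_NOT_SET = '...';` (name constructed for illustration). The text also points the caller at a "Forgot your password" control, which clients of the legacy GraphQL and REST resolvers may not have, so a UI-neutral wording would fit those two paths better.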
diff --git a/packages/nocodb/src/lib/v1-legacy/rest/RestAuthCtrl.ts b/packages/nocodb/src/lib/v1-legacy/rest/RestAuthCtrl.ts
index b47d108cda..90c6545b7a 100644
--- a/packages/nocodb/src/lib/v1-legacy/rest/RestAuthCtrl.ts
+++ b/packages/nocodb/src/lib/v1-legacy/rest/RestAuthCtrl.ts
@@ -336,7 +336,7 @@ export default class RestAuthCtrl {
 }
 if (!user.salt) {
 return done({
- msg: `Please sign up with the invite token first!`,
+ msg: `Please sign up with the invite token first or reset the password by clicking Forgot your password.`,
 });
 }
 const hashedPassword = await promisify(bcrypt.hash)(