SUMMARY: Fixed admin login failures caused by two issues:
1. Response sanitization middleware stripping auth tokens
2. Admin users missing password field in database

ROOT CAUSE ANALYSIS:
- sanitizeResponseData middleware removed ALL fields named 'token'
- This included authentication tokens that SHOULD be sent to clients
- Admin user records created without proper password field
- User.authenticate() failed on bcrypt.compare() with undefined password

FIXES:
1. Changed auth response field from 'token' to 'accessToken'
   - Avoids overly aggressive sanitization
   - More semantically correct (it's specifically an access token)
   - Frontend updated to use data.accessToken
2. Created fix-admin-user.js script
   - Properly creates admin user via User.create()
   - Ensures password field is bcrypt hashed
   - Deletes old malformed user records
3. Updated login.js auto-fill for correct dev email
   - Changed from admin@tractatus.local to admin@agenticgovernance.digital

TESTING:
- Local login now returns accessToken (308 char JWT)
- User object returned with proper ID serialization
- Auth flow: POST /api/auth/login → returns accessToken + user
- Ready for production deployment

FILES:
- src/controllers/auth.controller.js: Use accessToken field
- public/js/admin/login.js: Store data.accessToken, update default email
- scripts/fix-admin-user.js: Admin user creation/fix utility

NEXT STEPS:
1. Deploy to production
2. Run: node scripts/fix-admin-user.js admin@agenticgovernance.digital <password>
3. Test admin login at /admin/login.html

🤖 Generated with Claude Code (https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

| | | |
|---|---|---|
| .. | ||
| admin.controller.js | ||
| audit.controller.js | ||
| auth.controller.js | ||
| blog.controller.js | ||
| cases.controller.js | ||
| documents.controller.js | ||
| koha.controller.js | ||
| media.controller.js | ||
| newsletter.controller.js | ||
| projects.controller.js | ||
| rules.controller.js | ||
| variables.controller.js | ||