You can't get the current user data without their uid. If you have access to the express req object you can grab it with req.uid or if it is a socket call then its socket.uid. The value of uid is 0 if the user is not logged in.
Pwned Passwords service in nodebb
Duehok last edited by Duehok
There's this very nice service that can check if a password has already appeared in a database breach:
Are there any plugin that would integrate this in nodebb when users are registering or changing passwords?
NodeBB core has a setting to check a database of commonly used passwords. There's nothing for checking HIBP at the moment.
Duehok last edited by
Nice! So even if pwned password is not used yet at least the developpers are aware of the issue and doing the next best thing.
Since this topic was created such plugin was actually created by someone (Ben Lubar to be exact): https://github.com/BenLubar/nodebb-plugin-pwned-passwords
I'm posting it here mostly because I haven't seen it posted anywhere on this forum, so now it will be easier to find And also in case Duehok still wants it and didn't see that it exists.