Jump to content
Sign in to follow this  

Issues updating 'sha_pass_hash' column in 'auth.account' table

Recommended Posts

One of the functions of the registration web application I'm building for my servers allows a user to change their password through the application, but during my testing I've seen some really weird behavior: The new 'sha_pass_hash' gets updated to appropriately reflect the value the user chose for their new password, and it allows them to log into the web application fine, but from within the 3.3.5a client, their old password is the one that still authenticates them successfully.

At first I thought the old passwords were kept in memory somewhere, but I had power-cycled the VM running TrinityCore and the database and the behavior is persistent. My application doesn't store credentials in memory either, the most I do is serialize the 'username' and 'id' columns from 'auth.account' into a timed JWT that I use on my front-end for seamless navigation through the app without forcing the user to do basic HTTP authentication everytime an API endpoint is called.

I was also wondering if this had something to do with the 'sessionkey' columns, however I can't find any description in the documentation about what those hashes are and if it's safe to clear them.

Some code, for reference (The back-end for this is a REST API written in Python with Flask and Flask-SQLAlchemy):

SQLAlchemy model for the 'account' table

Authentication logic

The 'update password' function


Edited by FrootSnax

Share this post

Link to post
Share on other sites

You should either use SOAP from your website to connect to running worldserver and send .accont set password comand (preferred) or just clear s and v fields from auth.account (this method might go away in undetermined future)

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...