nodejs/hanko
1
0
Fork 0
mirror of https://github.com/teamhanko/hanko.git synced 2025-10-27 22:27:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: add missing validation to the pw recovery action (#2151)

Browse Source
This commit is contained in:
bjoern-m
2025-05-08 10:59:28 +02:00
committed by GitHub
parent b157696a7c
commit 1d22a8f7a8
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
backend/flow_api/flow/credential_usage/action_password_recovery.go
View File

@ -30,7 +30,8 @@ func (a PasswordRecovery) Initialize(c flowpilot.InitializationContext) {
c.AddInputs(flowpilot.PasswordInput("new_password").
Required(true).
MinLength(deps.Cfg.Password.MinLength),
MinLength(deps.Cfg.Password.MinLength).
MaxLength(72),
)
if !deps.Cfg.Password.Enabled {
@ -41,6 +42,10 @@ func (a PasswordRecovery) Initialize(c flowpilot.InitializationContext) {
func (a PasswordRecovery) Execute(c flowpilot.ExecutionContext) error {
deps := a.GetDeps(c)
if valid := c.ValidateInputData(); !valid {
return c.Error(flowpilot.ErrorFormDataInvalid)
}
newPassword := c.Input().Get("new_password").String()
if !c.Stash().Get(shared.StashPathUserID).Exists() {