nodejs/hanko
1
0
Fork 0
mirror of https://github.com/teamhanko/hanko.git synced 2025-10-28 06:37:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: add missing validation to the pw recovery action (#2151)

Browse Source
This commit is contained in:
bjoern-m
2025-05-08 10:59:28 +02:00
committed by GitHub
parent b157696a7c
commit 1d22a8f7a8
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
backend/flow_api/flow/credential_usage/action_password_recovery.go
View File

@ -30,7 +30,8 @@ func (a PasswordRecovery) Initialize(c flowpilot.InitializationContext) {
c.AddInputs(flowpilot.PasswordInput("new_password"). c.AddInputs(flowpilot.PasswordInput("new_password").
Required(true). Required(true).
MinLength(deps.Cfg.Password.MinLength), MinLength(deps.Cfg.Password.MinLength).
MaxLength(72),
) )
if !deps.Cfg.Password.Enabled { if !deps.Cfg.Password.Enabled {
@ -41,6 +42,10 @@ func (a PasswordRecovery) Initialize(c flowpilot.InitializationContext) {
func (a PasswordRecovery) Execute(c flowpilot.ExecutionContext) error { func (a PasswordRecovery) Execute(c flowpilot.ExecutionContext) error {
deps := a.GetDeps(c) deps := a.GetDeps(c)
if valid := c.ValidateInputData(); !valid {
return c.Error(flowpilot.ErrorFormDataInvalid)
}
newPassword := c.Input().Get("new_password").String() newPassword := c.Input().Get("new_password").String()
if !c.Stash().Get(shared.StashPathUserID).Exists() { if !c.Stash().Get(shared.StashPathUserID).Exists() {