From 7b9fadc3badc6c21e18b4b07644d86e366fa39d4 Mon Sep 17 00:00:00 2001
From: Adria Navarro
Date: Tue, 2 Jan 2024 13:05:48 +0100
Subject: [PATCH] Validate password on reset
---
 packages/worker/src/sdk/auth/auth.ts | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/packages/worker/src/sdk/auth/auth.ts b/packages/worker/src/sdk/auth/auth.ts
index 1f9da8a260..be5de649da 100644
--- a/packages/worker/src/sdk/auth/auth.ts
+++ b/packages/worker/src/sdk/auth/auth.ts
@@ -7,6 +7,7 @@ import {
 tenancy,
 utils as coreUtils,
 cache,
+ security,
 } from "@budibase/backend-core"
 import { PlatformLogoutOpts, User } from "@budibase/types"
 import jwt from "jsonwebtoken"
@@ -73,6 +74,11 @@ export const reset = async (email: string) => {
 * Perform the user password update if the provided reset code is valid.
 */
 export const resetUpdate = async (resetCode: string, password: string) => {
+ const validation = security.validatePassword(password)
+ if (!validation.valid) {
+ throw new HTTPError(validation.error, 400)
+ }
+
 const { userId } = await cache.passwordReset.getCode(resetCode)
 let user = await userSdk.db.getUser(userId)
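Review bot: The docstring above `resetUpdate` still describes only the reset-code check, although the added lines now reject a password that fails `security.validatePassword` with an `HTTPError` 400 before `cache.passwordReset.getCode` is reached. I would extend the comment with a line such as `Throws a 400 HTTPError, without reading the reset code, if the password fails validation.` so callers know about the second failure mode. `validation.error` is passed through as the message unchanged, so it is worth confirming it is always populated when `valid` is false; if the field is optional, `validation.error ?? "Invalid password"` avoids a 400 with an empty message. Checking the password first looks sensible because a rejected password never touches the reset code, but whether `getCode` consumes the code is not visible here, and the body of `resetUpdate` continues past the end of the hunk. The patch touches one file and adds no test for the reset path, so a case asserting that a policy-violating password is refused would keep this check from regressing.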