MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Validate password on reset

This commit is contained in:
Adria Navarro 2024-01-02 13:05:48 +01:00
parent 1633284f9d
commit 7b9fadc3ba
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
packages/worker/src/sdk/auth/auth.ts
View File

@ -7,6 +7,7 @@ import {
tenancy, tenancy,
utils as coreUtils, utils as coreUtils,
cache, cache,
security,
} from "@budibase/backend-core" } from "@budibase/backend-core"
import { PlatformLogoutOpts, User } from "@budibase/types" import { PlatformLogoutOpts, User } from "@budibase/types"
import jwt from "jsonwebtoken" import jwt from "jsonwebtoken"
@ -73,6 +74,11 @@ export const reset = async (email: string) => {
* Perform the user password update if the provided reset code is valid. * Perform the user password update if the provided reset code is valid.
*/ */
export const resetUpdate = async (resetCode: string, password: string) => { export const resetUpdate = async (resetCode: string, password: string) => {
const validation = security.validatePassword(password)
if (!validation.valid) {
throw new HTTPError(validation.error, 400)
}
const { userId } = await cache.passwordReset.getCode(resetCode) const { userId } = await cache.passwordReset.getCode(resetCode)
let user = await userSdk.db.getUser(userId) let user = await userSdk.db.getUser(userId)