Update verify-signup-set-password.js #167
Merged
Commented this line to fix a security issue where the password is set even if the token doesn't match. `await eraseVerifyPropsSetPassword(user1, user1.isVerified, {}, password, field);`
Remove verifyProps to reduce the risk of brute-forcing the short token.
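The failure mode described above, modelled as an added example (constructed for this page, not the project's code): the mismatch branch before and after the change. Only the name `eraseVerifyPropsSetPassword` comes from the PR; the user record, its field names, `eraseVerifyProps`, the simplified signatures and the placeholder hash are assumptions.

```javascript
// Constructed sample user record standing in for the users service.
function makeUser() {
  return { id: 1, password: 'old-hash', isVerified: false,
           verifyShortToken: '482913', verifyExpires: Date.now() + 60000 };
}

// Assumed helper: invalidate the pending verification, leave the password alone.
function eraseVerifyProps(user, isVerified) {
  Object.assign(user, { isVerified, verifyShortToken: null, verifyExpires: null });
}

// Name from the PR; body is an assumed model: erase verify props AND store the password.
function eraseVerifyPropsSetPassword(user, isVerified, password) {
  eraseVerifyProps(user, isVerified);
  user.password = `hash(${password})`; // placeholder for a real password hash
}

// "Before": the token-mismatch branch calls the password-setting helper.
function verifyBefore(user, token, password) {
  if (user.verifyShortToken === null || token !== user.verifyShortToken) {
    eraseVerifyPropsSetPassword(user, user.isVerified, password); // password stored despite bad token
    throw new Error('Invalid token');
  }
  eraseVerifyPropsSetPassword(user, true, password);
  return user;
}

// "After": a mismatch only erases the verify props, so each issued
// short token allows a single guess and the password is untouched.
function verifyAfter(user, token, password) {
  const pending = user.verifyShortToken !== null && user.verifyExpires > Date.now();
  if (!pending || token !== user.verifyShortToken) {
    eraseVerifyProps(user, user.isVerified);
    throw new Error('Invalid token');
  }
  eraseVerifyPropsSetPassword(user, true, password);
  return user;
}

// Run one flow against a fresh user and report the resulting account state.
function attempt(flow, token) {
  const user = makeUser();
  let rejected = false;
  try { flow(user, token, 'new-password'); } catch (e) { rejected = true; }
  return { rejected, password: user.password, isVerified: user.isVerified,
           tokenCleared: user.verifyShortToken === null };
}
```

A regression test for this change should assert on the stored password after a rejected request, not only on the error returned to the caller.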
fratzinger added a commit that referenced this pull request Jul 28, 2022
…and vitepress docs (#164)

* refactor: typescript minimum valuable product
* refactor: move to typescript - complete typing - update dependencies - semistandard -> eslint-typescript - start converting tests to typescript - ref #144
* test: add typings to tests and fix some bugs - identityChange had no 'field' property - tests fixes
* refactor: start separate services - add passwordField to options - proper typing
* test: make nyc report working again
* refactor: move to separate services - call separate services from main service
* docs: add description to service calls
* refactor: add better IDE-support - destructure create-data for better IDE support - move AuthenticationManagementService to separate file
* docs: init vuepress
* refactor: remove `field` parameter - completely move `passwordField` to options
* feat: separate services - Base class with publish-prevention - `useSeparateServicePaths` option - use internal service.options instead of create({ action: 'options' }) - add tests for publish - add tests for `useSeparateServicePaths` - more typings
* modify client authenticate
* docs: add hooks docs
* small changes - export defaultOptions -> addVerification - path - rearrange useSeparateServices
* several improvements - divide Service & configure functions - ensure options per Service - types: better types - chore: update dependencies - tests: add tests for separate services - tests: increase about-time to 600
* small changes - better typing (abstract _create with type) - sort actions alphabetically
* docs: improvements - overview page - started services page
* docs: add example
* chore: rename folder "service" to "services"
* docs: continue docs
* feat: prepare for custom methods from feathers^5
* chore: expose services at root
* docs(chore): move vuepress to vitepress
* refactor: move methods to separate folder
* docs: align with PR from rma4ok
* refactor: add custom methods without '_' - refactor: add import type where necessary - refactor: add newlines for function params - refactor: destructure imports
* port #167 to typescript
* test: fix basicSpy 'this' on function
* chore: update dependencies
* chore: major update dependencies & remove unnecessary packages
* refactor: move defaultOptions to own file - refactor: rename configureAuth to setupAuth
* refactor(methods): Promise.all tokens
* types: add GetUserDataCheckProps
* perf(addVerification): move promise down
* perf(checkUnique): add pagination
* refactor(methods): add $limit: 2 to find
* test: chore - rename titles '.js' to '.ts'
* chore: isDateAfterNow helper to helpers/index
* test: add tests for helpers
* refactor(test): reorganize test-files - move to test/hooks - move to test/methods - rename test/helpers to test/test-helpers
* fix: typo identityChange
* tests: test authMgmt/create, /[method], separate service - refactor: remove chai - refactor: move many try-catch - refactor: users - refactor: use [idType]
* chore: min-version node@10 - remove chai - npm update
* test: chore - rename tests & move idType
* re-structures docs and adds new Getting Started
* adds new overview and configuration chapters
* adds chapters process flows and service calls
* after docs text review
* !feat: remove 'useSeparateServices'
* refactor: rename 'configure' to 'setup'
* test: add custom path test to 'add-verification'
* chore: move npmignore to package.files - remove babel - update badges in readme - update license year
* chore: npm update
* !refactor: app as first argument for constructor - BREAKING CHANGE
* fix: NotifierOptions type
* extended regarding feedback
* refactor: remove swagger docs from constructor
* docs: vuepress@next, improve service calls - move from vitepress to vuepress@next for <CodeGroup> - add logo - remove note about 'docs' of swagger - remove 'prefferedComm' because it's not used anywhere - improve `multi:true` on users-hooks
* test: ensure exported members
* docs: remove old stuff
* chore: lint --fix
* docs: add note to pre-release
* !refactor: remove 'value' from custom methods & separate services - BREAKING CHANGE
* fix: VerifyChanges
* 4.0.0-pre.0
* Updating changelog
* docs: add pre tag to install script
* docs: add feathers-mailer to install script
* docs: fix typo
* docs: add options to service calls
* docs: fix getting-started
* feat: add multi support for 'add-verification' hook
* docs: add vue example to example folder
* fix(client): improve client and export in entry file
* refactor: rename and export helpers
* docs: add descriptions to type options
* docs: center images
* docs: comment out stuff in service calls
* chore: increase codeclimate thresholds
* chore: eslintignore examples
* 4.0.0-pre.1
* Updating changelog
* docs: init migration guide
* docs: migration guide add channels note
* docs: update notifier example
* docs: add search
* docs: add note to 'isVerified' about authenticate before
* docs: fix preventChanges first param
* chore: shrink helpers-folder
* chore: clean test setup
* refactor: more declarative methods, $limit: 2 & passwordField - rename user1, user2, user3 to declarative names - use $limit: 2 everywhere - use [passwordField] consequently
* chore: update dependencies & import/order
* chore: remove eslint-config-standard
* ci: update coverage action to v3
* chore: update dependencies
* chore: change feathers contributors as author
* 4.0.0-pre.2
* Updating changelog
* docs: move to vitepress
* docs: move to Tabs and dismiss CodeGroup
* docs: fix primary color
* ci: add node v18 to matrix

Co-authored-by: Onno Gabriel <contact@datacodedesign.de>
Related to: #142 (comment)