Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update verify-signup-set-password.js #167

Merged
merged 2 commits into from
Jun 28, 2021

Conversation

GautierT
Copy link
Contributor

@GautierT GautierT commented Jun 24, 2021

Commented this line to fix a security issue where password is set even if token don't match.

await eraseVerifyPropsSetPassword(user1, user1.isVerified, {}, password, field);

Related to : #142 (comment)

Commented this line to fix a security issue where password is set even if token don't match.

`await eraseVerifyPropsSetPassword(user1, user1.isVerified, {}, password, field);`
Remove verifyProps to reduce risk of brute-force the short token.
@claustres claustres merged commit 8892800 into feathersjs-ecosystem:master Jun 28, 2021
fratzinger added a commit that referenced this pull request Jul 28, 2022
…and vitepress docs (#164)

* refactor: typescript minimum valuable product

* refactor: move to typescript
- complete typing
- update dependencies
- semistandard -> eslint-typescript
- start converting tests to typescript
- ref #144

* test: add typings to tests and fix some bugs
- identityChange had no 'field' property
- tests fixes

* refactor: start seperate services
- add passwordField to options
- propper typing

* test: make nyc report working again

* refactor: move to seperate services
- call seperate services from main service

* docs: add description to service calls

* refactor: add better IDE-support
- destructure create-data for better IDE support
- move AuthenticationManagementService to seperate file

* docs: init vuepress

* refactor: remove `field` parameter
- completely move `passwordField` to options

* feat: separate services
- Base class with publish-prevention
- `useSeparateServicePaths` option
-  use internal service.options instead of create({ action: 'options' })
- add tests for publish
- add tests for `useSeparateServicePaths`
- more typings

* modify client authenticate

* docs: add hooks docs

* small changes
- export defaultOptions -> addVerification - path
- rearrange useSeparateServices

* several improvements
- divide Service & configure functions
- ensure options per Service
- types: better types
- chore: update dependencies
- tests: add tests for separate services
- tests: increase about-time to 600

* small changes
- better typing (abstract _create with type)
- sort actions alphabetically

* docs: improvements
- overview page
- started services page

* docs: add example

* chore: rename folder "service" to "services"

* docs: continue docs

* feat: prepare for custom methods from feathers^5

* chore: expose services at root

* docs(chore): move vuepress to vitepress

* refactor: move methods to seperate folder

* docs: align with PR from rma4ok

* refactor: add custom methods without '_'
- refactor: add import type where necessary
- refactor: add newlines for function params
- refactor: destructure imports

* port #167 to typescript

* test: fix basicSpy 'this' on function

* chore: update dependencies

* chore: major update dependencies & remove unnecessary packages

* refactor: move defaultOptions to own file
- refactor: rename configureAuth to setupAuth

* refactor(methods): Promise.all tokens

* types: add GetUserDataCheckProps

* perf(addVerification): move promise down

* perf(checkUnique): add pagination

* refactor(methods): add $limit: 2 to find

* test: chore - rename titles '.js' to '.ts'

* chore: isDateAfterNow helper to helpers/index

* test: add tests for helpers

* refactor(test): reorganize test-files
- move to test/hooks
- move to test/methods
- rename test/helpers to test/test-helpers

* fix: typo identityChange

* tests: test authMgmt/create, /[method], separate service
- refactor: remove chai
- refactor: move many try-catch
- refactor: users
- refactor: use [idType]

* chore: min-version node@10
- remove chai
- npm update

* test: chore - rename tests & move idType

* re-structures docs and adds new Getting Started

* adds new overview and configuration chapters

* addschapters process flows and service calls

* after docs text review

* !feat: remove 'useSeparateServices'

* refactor: rename 'configure' to 'setup'

* test: add custom path test to 'add-verification'

* chore: move npmignore to package.files
- remove babel
- update badges in readme
- update license year

* chore: npm update

* !refactor: app as first argument for constructor
- BREAKING CHANGE

* fix: NotifierOptions type

* extended regarding feedback

* refactor: remove swagger docs from constructor

* docs: vuepress@next, improve service calls
- move from vitepress to vuepress@next for <CodeGroup>
- add logo
- remove note about 'docs' of swagger
- remove 'prefferedComm' because it's not used anywhere
- improve `multi:true` on users-hooks

* test: ensure exported members

* docs: remove old stuff

* chore: lint --fix

* docs: add note to pre-release

* !refactor: remove 'value' from custom methods & separate services
- BREAKING CHANGE

* fix: VerifyChanges

* 4.0.0-pre.0

* Updating changelog

* docs: add pre tag to install script

* docs: add feathers-mailer to install script

* docs: fix typo

* docs: add options to service calls

* docs: fix getting-started

* feat: add multi support for 'add-verification' hook

* docs: add vue example to example folder

* fix(client): improve client and export in entry file

* refactor: rename and export helpers

* docs: add descriptions to type options

* docs: center images

* docs: comment out stuff in service calls

* chore: increase codeclimate thresholds

* chore: eslintignore examples

* 4.0.0-pre.1

* Updating changelog

* docs: init migration guide

* docs: migration guide add channels note

* docs: update notifier example

* docs: add search

* docs: add note to 'isVerified' about authenticate before

* docs: fix preventChanges first param

* chore: shrink helpers-folder

* chore: clean test setup

* refactor: more declarative methods, $limit: 2 & passwordField
- rename user1, user2, user3 to declarative names
- use $limit: 2 everywhere
- use [passwordField] consequently

* chore: update dependencies & import/order

* chore: remove eslint-config-standard

* ci: update coverage action to v3

* chore: update dependencies

* chore: change feathers contributors as author

* 4.0.0-pre.2

* Updating changelog

* docs: move to vitepress

* docs: move to Tabs and dismiss CodeGroup

* docs: fix primary color

* ci: add node v18 to matrix

Co-authored-by: Onno Gabriel <contact@datacodedesign.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants