jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

never skip password verification

Browse Source
This commit is contained in:
Girish Ramakrishnan
2019-11-07 13:06:31 -08:00
parent ab650c7a95
commit 5c920fd200
4 changed files with 11 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/test/apps-test.js
+1 -1
View File
@@ -211,7 +211,7 @@ function startBox(done) {
token_1 = hat(8 * 32);
// HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
tokendb.add({ id: 'tid-1', accessToken: token_1, identifier: user_1_id, clientId: 'cid-sdk', expires: Date.now() + 1000000, scope: 'apps', name: '' }, callback); // cid-sdk means we don't need to send password
tokendb.add({ id: 'tid-1', accessToken: token_1, identifier: user_1_id, clientId: 'cid-sdk', expires: Date.now() + 1000000, scope: 'apps', name: '' }, callback);
});
},
src/routes/users.js
-2
View File
@@ -120,8 +120,6 @@ function remove(req, res, next) {
function verifyPassword(req, res, next) {
assert.strictEqual(typeof req.body, 'object');
if (req.authInfo.skipPasswordVerification) return next(); // using an 'sdk' token we skip password checks
if (typeof req.body.password !== 'string') return next(new HttpError(400, 'API call requires user password'));
users.verifyWithUsername(req.user.username, req.body.password, function (error) {