jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Do not allow setting ghost password for user without username

Browse Source
This commit is contained in:
Johannes Zellner
2021-10-27 23:36:44 +02:00
parent 4356d673bc
commit cb8aa15e62
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/users.js
View File

@@ -267,6 +267,8 @@ async function setGhost(user, password, expiresAt) {
assert.strictEqual(typeof password, 'string');
assert.strictEqual(typeof expiresAt, 'number');
if (!user.username) throw new BoxError(BoxError.BAD_STATE, 'user has no username yet');
expiresAt = expiresAt || (Date.now() + DEFAULT_GHOST_LIFETIME);
debug(`setGhost: ${user.username} expiresAt ${expiresAt}`);