jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Directly use users.verify() instead of another db lookup

Browse Source
This commit is contained in:
Johannes Zellner
2021-09-09 22:50:35 +02:00
parent 2d5eb6fd62
commit d3d22f0878
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/routes/users.js
View File

@@ -132,7 +132,7 @@ async function verifyPassword(req, res, next) {
if (typeof req.body.password !== 'string') return next(new HttpError(400, 'API call requires user password'));
const [error] = await safe(users.verifyWithUsername(req.user.username, req.body.password, users.AP_WEBADMIN));
const [error] = await safe(users.verify(req.user.id, req.body.password, users.AP_WEBADMIN));
if (error) return next(BoxError.toHttpError(error));
req.body.password = '<redacted>'; // this will prevent logs from displaying plain text password