1berry/wiki
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: prevent password reset on disabled account

Browse Source
This commit is contained in:
Nicolas Giard 2024-08-29 03:06:06 -04:00 committed by GitHub
parent d1b4c8c407
commit b9fb17d4d4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
server/models/users.js
View File

@ -499,6 +499,10 @@ module.exports = class User extends Model {
})
if (usr) {
if (!usr.isActive) {
throw new WIKI.Error.AuthAccountBanned()
}
await WIKI.models.users.query().patch({
password: newPassword,
mustChangePwd: false
@ -527,6 +531,9 @@ module.exports = class User extends Model {
if (!usr) {
WIKI.logger.debug(`Password reset attempt on nonexistant local account ${email}: [DISCARDED]`)
return
} else if (!usr.isActive) {
WIKI.logger.debug(`Password reset attempt on disabled local account ${email}: [DISCARDED]`)
return
}
const resetToken = await WIKI.models.userKeys.generateToken({
userId: usr.id,