IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2025-12-13 07:45:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1568 from gradido/fix_validate_password_update_user_infos

Browse Source 
Fix: Validate password on UpdateUserInfos
This commit is contained in:
Ulf Gebhardt 2022-03-07 16:18:25 +01:00 committed by GitHub
commit a6467c4f12
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
backend/src/graphql/resolver/UserResolver.ts
View File

@ -592,6 +592,13 @@ export class UserResolver {
}
if (password && passwordNew) {
// Validate Password
if (!isPassword(passwordNew)) {
throw new Error(
'Please enter a valid password with at least 8 characters, upper and lower case letters, at least one number and one special character!',
)
}
// TODO: This had some error cases defined - like missing private key. This is no longer checked.
const oldPasswordHash = SecretKeyCryptographyCreateKey(userEntity.email, password)
if (BigInt(userEntity.password.toString()) !== oldPasswordHash[0].readBigUInt64LE()) {