IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2025-12-13 07:45:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

validate valitity of userpassword when updating it via updateUserInfos

Browse Source
This commit is contained in:
Ulf Gebhardt 2022-03-07 13:31:33 +01:00
parent e0490827c7
commit cc596df22a
Signed by: ulfgebhardt
GPG Key ID: DA6B843E748679C9
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
backend/src/graphql/resolver/UserResolver.ts
View File

@ -592,6 +592,13 @@ export class UserResolver {
}
if (password && passwordNew) {
// Validate Password
if (!isPassword(passwordNew)) {
throw new Error(
'Please enter a valid password with at least 8 characters, upper and lower case letters, at least one number and one special character!',
)
}
// TODO: This had some error cases defined - like missing private key. This is no longer checked.
const oldPasswordHash = SecretKeyCryptographyCreateKey(userEntity.email, password)
if (BigInt(userEntity.password.toString()) !== oldPasswordHash[0].readBigUInt64LE()) {