lee/puter
1
0
Fork 0
mirror of https://github.com/HeyPuter/puter.git synced 2026-05-29 21:01:27 +00:00
Code Issues Actions 9 Packages Projects Releases Wiki Activity

dev: add extra safeguards for system user

Browse Source
This commit is contained in:
KernelDeimos
2025-01-23 11:03:21 -05:00
parent 7909cae76e
commit ee136f4168
2 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/backend/src/routers/login.js
+7
View File
@@ -108,6 +108,13 @@ router.post('/login', express.json(), body_parser_error_handler, async (req, res
if(!user)
return res.status(400).send('Email not found.')
}
if (user.username === 'system' && config.allow_system_login !== true) {
return res.status(400).send(
req.body.username
? 'Username not found.'
: 'Email not found.'
)
}
// is user suspended?
if(user.suspended)
return res.status(401).send('This account is suspended.')
src/backend/src/routers/send-pass-recovery-email.js
+14
View File
@@ -74,10 +74,24 @@ router.post('/send-pass-recovery-email', express.json(), body_parser_error_handl
return res.status(400).send('Email not found.')
}
if ( user.username === 'system' && config.allow_system_login !== true ) {
return res.status(400).send(
req.body.username
? 'Username not found.'
: 'Email not found.'
)
}
// check if user is suspended
if(user.suspended){
return res.status(401).send('Account suspended');
}
// check if user even has an email for recovery
if( ! user.email ) {
return res.status(422).send('No email associated with this account.');
}
// set pass_recovery_token
const { v4: uuidv4 } = require('uuid');
const nodemailer = require("nodemailer");