dennii/dbgate
1
0
Fork 0
mirror of https://github.com/DeNNiiInc/dbgate.git synced 2026-04-28 07:16:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow password-based user login only when password is truthy

Browse Source
This commit is contained in:
michael-pattern
2024-05-08 17:52:50 -04:00
parent 26471517a9
commit 696d870c2f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/api/src/controllers/auth.js
View File

@@ -137,7 +137,7 @@ module.exports = {
return { error: 'Logins not configured' }; return { error: 'Logins not configured' };
} }
const foundLogin = logins.find(x => x.login == login); const foundLogin = logins.find(x => x.login == login);
if (foundLogin && foundLogin.password == password) { if (foundLogin && foundLogin.password && foundLogin.password == password) {
return { return {
accessToken: jwt.sign({ login }, tokenSecret, { expiresIn: getTokenLifetime() }), accessToken: jwt.sign({ login }, tokenSecret, { expiresIn: getTokenLifetime() }),
}; };