
use validator

reiji-h 1 an în urmă
părinte
comite
8e5cc826b1
1 a modificat fișierele cu 10 adăugiri și 5 ștergeri
  1. 10 5
      apps/app/src/server/routes/apiv3/forgot-password.js

+ 10 - 5
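--- a/apps/app/src/server/routes/apiv3/forgot-password.js
+++ b/apps/app/src/server/routes/apiv3/forgot-password.js
@@ -19,8 +19,6 @@ const logger = loggerFactory('growi:routes:apiv3:forgotPassword'); // eslint-dis
 const express = require('express');
 const { body } = require('express-validator');
 
-const filterXss = new FilterXSS();
-
 const router = express.Router();
 
 module.exports = (crowi) => {
@@ -45,6 +43,13 @@ module.exports = (crowi) => {
           return (value === req.body.newPassword);
         }),
     ],
+    email: [
+      body('email')
+        .isEmail()
+        .withMessage('message.Email format is invalid')
+        .exists()
+        .withMessage('message.Email field is required'),
+    ],
   };
 
   const checkPassportStrategyMiddleware = checkForgotPasswordEnabledMiddlewareFactory(crowi, true);
@@ -63,8 +68,8 @@ module.exports = (crowi) => {
     });
   }
 
-  router.post('/', checkPassportStrategyMiddleware, addActivity, async(req, res) => {
-    const email = filterXss.process(req.body.email);
+  router.post('/', checkPassportStrategyMiddleware, validator.email, addActivity, async(req, res) => {
+    const { email } = req.body;
     const locale = configManager.getConfig('crowi', 'app:globalLang');
     const appUrl = appService.getSiteUrl();
 
@@ -100,7 +105,7 @@ module.exports = (crowi) => {
   // eslint-disable-next-line max-len
   router.put('/', checkPassportStrategyMiddleware, injectResetOrderByTokenMiddleware, validator.password, apiV3FormValidator, addActivity, async(req, res) => {
     const { passwordResetOrder } = req;
-    const email = filterXss.process(passwordResetOrder.email);
+    const { email } = passwordResetOrder;
     const grobalLang = configManager.getConfig('crowi', 'app:globalLang');
     const i18n = grobalLang || req.language;
     const { newPassword } = req.body;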
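Review bot: The new `validator.email` chain on the POST route is never enforced, because `apiV3FormValidator` is missing from that middleware list while the PUT route in the last hunk does include it; an express-validator chain only records errors on the request, so without a middleware that reads the validation result the handler still receives whatever `req.body.email` contains, and the XSS filter that previously guarded it has been removed in the same commit. The POST line should read `router.post('/', checkPassportStrategyMiddleware, validator.email, apiV3FormValidator, addActivity, async(req, res) => {`, unless the handler body — which continues outside the hunk — checks `validationResult(req)` itself, which I cannot confirm from here. The enclosing `module.exports = (crowi) => {` function starts and ends outside these hunks. A minor point: placing `.exists()` after `.isEmail()` means a missing field reports the "format is invalid" message first; ordering `.exists()` before `.isEmail()` would yield the intended "field is required" message.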