github
/
portainer
mirror of https://github.com/portainer/portainer
1
0
Fork 0
Code Issues Releases Wiki Activity

improved user update validation (#10322)

pull/10330/head
Matt Hook 2023-09-18 12:29:12 +12:00 committed by GitHub
parent 011a1ce720
commit 034157be9a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
api/http/handler/users/user_update.go
View File

@ -113,6 +113,14 @@ func (handler *Handler) userUpdate(w http.ResponseWriter, r *http.Request) *http
user.Username = payload.Username user.Username = payload.Username
} }
if payload.Password != "" && payload.NewPassword == "" {
if tokenData.Role == portainer.AdministratorRole {
return httperror.BadRequest("Existing password field specified without new password field.", errors.New("To change the password as an admin, you only need 'newPassword' in your request"))
}
return httperror.BadRequest("Existing password field specified without new password field.", errors.New("To change the password, you must include both 'password' and 'newPassword' in your request"))
}
if payload.NewPassword != "" { if payload.NewPassword != "" {
// Non-admins need to supply the previous password // Non-admins need to supply the previous password
if tokenData.Role != portainer.AdministratorRole { if tokenData.Role != portainer.AdministratorRole {