kamp/anything-llm
1
0
Fork 0
mirror of https://github.com/Mintplex-Labs/anything-llm.git synced 2024-11-10 17:00:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

security: patch primsa expansion on token request

Browse Source
This commit is contained in:
timothycarambat 2024-03-29 11:47:30 -07:00
parent 52fac84422
commit 2374939ffb
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server/endpoints/system.js
View File

@ -105,7 +105,7 @@ function systemEndpoints(app) {
if (await SystemSettings.isMultiUserMode()) {
const { username, password } = reqBody(request);
const existingUser = await User.get({ username });
const existingUser = await User.get({ username: String(username) });
if (!existingUser) {
await EventLogs.logEvent(
@ -125,7 +125,7 @@ function systemEndpoints(app) {
return;
}
if (!bcrypt.compareSync(password, existingUser.password)) {
if (!bcrypt.compareSync(String(password), existingUser.password)) {
await EventLogs.logEvent(
"failed_login_invalid_password",
{