mirror of
https://github.com/Mintplex-Labs/anything-llm.git
synced 2024-10-04 01:40:12 +02:00
[BUG] Fixed mass_assignment vuln (#566)
Fixed mass_assignment vuln Co-authored-by: dastaj <78434825+dastaj@users.noreply.github.com>
parent
259079ac58
commit
8cd3a92c66
@ -33,7 +33,7 @@ function inviteEndpoints(app) {
|
|||||||
app.post("/invite/:code", async (request, response) => {
|
app.post("/invite/:code", async (request, response) => {
|
||||||
try {
|
try {
|
||||||
const { code } = request.params;
|
const { code } = request.params;
|
||||||
const userParams = reqBody(request);
|
const { username, password } = reqBody(request);
|
||||||
const invite = await Invite.get({ code });
|
const invite = await Invite.get({ code });
|
||||||
if (!invite || invite.status !== "pending") {
|
if (!invite || invite.status !== "pending") {
|
||||||
response
|
response
|
||||||
@ -42,7 +42,11 @@ function inviteEndpoints(app) {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const { user, error } = await User.create(userParams);
|
const { user, error } = await User.create(({
|
||||||
|
username,
|
||||||
|
password,
|
||||||
|
role: "default",
|
||||||
|
}));
|
||||||
if (!user) {
|
if (!user) {
|
||||||
console.error("Accepting invite:", error);
|
console.error("Accepting invite:", error);
|
||||||
response
|
response
|
||||||
|
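Review bot: In the second hunk, `username` and `password` go from `reqBody(request)` into `User.create` with no presence or type check, so a body that omits them or sends objects instead of strings reaches the model unchanged; whether `User.create` rejects such input is not visible here. A guard before the call, for example `if (typeof username !== "string" || typeof password !== "string")` returning an error response, would close that gap. The field allowlist also lives only at this call site, so any other caller that hands a request body to `User.create` would presumably still accept a caller-chosen `role`; restricting writable fields inside `User.create` would make the fix hold everywhere. The doubled parentheses in `User.create(({ ... }))` are redundant and can be written `User.create({ username, password, role: "default" })`. The handler's body starts and ends outside both hunks.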