mirror of
https://github.com/Mintplex-Labs/anything-llm.git
synced 2024-10-02 08:50:11 +02:00
[BUG] Fixed mass_assignment vuln (#566)
Fixed mass_assignment vuln Co-authored-by: dastaj <78434825+dastaj@users.noreply.github.com>
This commit is contained in:
parent
259079ac58
commit
8cd3a92c66
@ -33,7 +33,7 @@ function inviteEndpoints(app) {
|
||||
app.post("/invite/:code", async (request, response) => {
|
||||
try {
|
||||
const { code } = request.params;
|
||||
const userParams = reqBody(request);
|
||||
const { username, password } = reqBody(request);
|
||||
const invite = await Invite.get({ code });
|
||||
if (!invite || invite.status !== "pending") {
|
||||
response
|
||||
@ -42,7 +42,11 @@ function inviteEndpoints(app) {
|
||||
return;
|
||||
}
|
||||
|
||||
const { user, error } = await User.create(userParams);
|
||||
const { user, error } = await User.create(({
|
||||
username,
|
||||
password,
|
||||
role: "default",
|
||||
}));
|
||||
if (!user) {
|
||||
console.error("Accepting invite:", error);
|
||||
response
|
||||
|
Loading…
Reference in New Issue
Block a user