steve
/
sunrise-cms
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix potential vulnerability - codeql

deepsource-autofix-76c6eb20
Dan Gowans 2022-08-22 15:39:47 -04:00
parent 551dcc5cbf
commit 7d6ab7cc87
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
routes/login.js
View File

@ -36,7 +36,10 @@ router.route("/")
.post(async (request, response) => { .post(async (request, response) => {
const userName = request.body.userName; const userName = request.body.userName;
const passwordPlain = request.body.password; const passwordPlain = request.body.password;
const redirectURL = getSafeRedirectURL(request.body.redirect); const unsafeRedirectURL = request.body.redirect;
const redirectURL = getSafeRedirectURL(typeof (unsafeRedirectURL) === "string" ?
unsafeRedirectURL :
"");
const isAuthenticated = await authenticationFunctions.authenticate(userName, passwordPlain); const isAuthenticated = await authenticationFunctions.authenticate(userName, passwordPlain);
let userObject; let userObject;
if (isAuthenticated) { if (isAuthenticated) {

6
routes/login.ts
View File

@ -59,7 +59,11 @@ router.route("/")
const userName = request.body.userName as string; const userName = request.body.userName as string;
const passwordPlain = request.body.password as string; const passwordPlain = request.body.password as string;
const redirectURL = getSafeRedirectURL(request.body.redirect); const unsafeRedirectURL = request.body.redirect;
const redirectURL = getSafeRedirectURL(typeof (unsafeRedirectURL) === "string" ?
unsafeRedirectURL :
"");
const isAuthenticated = await authenticationFunctions.authenticate(userName, passwordPlain) const isAuthenticated = await authenticationFunctions.authenticate(userName, passwordPlain)
let userObject: recordTypes.User; let userObject: recordTypes.User;