Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update user data sanitizing function types #2383

Open
infomiho opened this issue Nov 25, 2024 · 0 comments
Open

Update user data sanitizing function types #2383

infomiho opened this issue Nov 25, 2024 · 0 comments
Assignees
Labels
auth refactoring Keeping that code clean! shouldfix We should do/fix this at some point

Comments

@infomiho
Copy link
Contributor

When we sanitize provider data, before saving it, we make sure to hash the password.

The function that does that looks smth like this:

function sanitize(data: { hashedPassword: string }): { hashedPassword: string } {
  data.hashedPassword = hash(data.hashedPassword);
  return data;
}

This means that this fn can be accidentally called again on already sanitized provider data.

The function should look more like this:

function sanitize(data: { password: string }): { hashedPassword: string } {
  data.hashedPassword = hash(data.password);
  return data;
}

so that the input and the output types are structurally different and you can't sanitize already sanitized data.

Related to https://github.com/wasp-lang/wasp/pull/2360/files#r1855479164

@infomiho infomiho changed the title Update types for provider data sanitising Update user data sanitizing function types Nov 25, 2024
@infomiho infomiho self-assigned this Nov 25, 2024
@infomiho infomiho added the auth label Nov 25, 2024
@Martinsos Martinsos added the shouldfix We should do/fix this at some point label Nov 27, 2024
@sodic sodic added the refactoring Keeping that code clean! label Dec 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auth refactoring Keeping that code clean! shouldfix We should do/fix this at some point
Projects
None yet
Development

No branches or pull requests

3 participants