geforkt von mirrored/vaultwarden
Validate all needed fields for client API login
During the client API login we need to have a `device_identifier`, `device_name` and `device_type`. When these were not provided Vaultwarden would panic. This PR add checks for these fields and makes sure it returns a better error message instead of causing a panic.
Dieser Commit ist enthalten in:
Ursprung
569b464157
Commit
fc543154c0
1 geänderte Dateien mit 4 neuen und 0 gelöschten Zeilen
|
@ -52,6 +52,10 @@ async fn login(data: Form<ConnectData>, client_header: ClientHeaders, mut conn:
|
|||
_check_is_some(&data.client_secret, "client_secret cannot be blank")?;
|
||||
_check_is_some(&data.scope, "scope cannot be blank")?;
|
||||
|
||||
_check_is_some(&data.device_identifier, "device_identifier cannot be blank")?;
|
||||
_check_is_some(&data.device_name, "device_name cannot be blank")?;
|
||||
_check_is_some(&data.device_type, "device_type cannot be blank")?;
|
||||
|
||||
_api_key_login(data, &mut user_uuid, &mut conn, &ip).await
|
||||
}
|
||||
t => err!("Invalid type", t),
|
||||
|
|
Laden …
In neuem Issue referenzieren