graph: Fix Status code when updating the password

Up to now the /me/changePassword endpoint returned a 500 Status when
issuing a password change with the old password set to the wrong password.
This changes the code to return 400 (Bad Request) with an additional
message that the old password is wrong. This does not seem to weaken the
security of /me/changePassword (i.e. for allowing easier brute-force
attacks) as the endpoint is only available to already authenticated
users (and only for changing their own passwords).

See #4480
Ralf Haferkamp
2022-08-31 12:46:03 +02:00
committed by Ralf Haferkamp
parent 68e5830bf0
commit 29f52515e1
3 changed files with 9 additions and 3 deletions
@@ -13,5 +13,5 @@ Feature: an user changes its own password
| 123456 | ?&^%0 | 204 |
| 123456 | | 400 |
| 123456 | 123456 | 400 |
| wrongPass | 123456 | 500 |
| wrongPass | 123456 | 400 |
| | validPass | 400 |
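Review bot: the `wrongPass` row now expects 400, the same status the other rejection rows in this table already expect, so the scenario can no longer tell a wrong old password apart from the other Bad Request cases. The commit message says the response carries an additional message that the old password is wrong; asserting on that message, in an extra column or a dedicated scenario, would pin down the behaviour this change introduces and catch a regression where the 400 comes from a different validation path. Since the brute-force reasoning in the commit message rests on the caller being authenticated, it is also worth confirming that repeated failures on this endpoint are logged or limited, because a valid session is all that is needed to reach it.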