Move password checks to db

2024-09-30 00:57:16 +13:00 · 2024-01-03 12:00:25 +01:00 · 2024-01-03 12:00:25 +01:00 · b45717a1e1
commit b45717a1e1
parent 66fd8b936f
3 changed files with 7 additions and 12 deletions
--- a/packages/backend-core/src/users/db.ts
+++ b/packages/backend-core/src/users/db.ts
@ -27,6 +27,7 @@ import {
 } from "./utils"
 import { searchExistingEmails } from "./lookup"
 import { hash } from "../utils"
+import { security } from ".."

 type QuotaUpdateFn = (
  change: number,
@ -110,6 +111,12 @@ export class UserDB {
      if (await UserDB.isPreventPasswordActions(user, account)) {
        throw new HTTPError("Password change is disabled for this user", 400)
      }
+
+      const passwordValidation = security.validatePassword(password)
+      if (!passwordValidation.valid) {
+        throw new HTTPError(passwordValidation.error, 400)
+      }
+
      hashedPassword = opts.hashPassword ? await hash(password) : password
    } else if (dbUser) {
      hashedPassword = dbUser.password
--- a/packages/worker/src/api/controllers/global/users.ts
+++ b/packages/worker/src/api/controllers/global/users.ts
@ -27,7 +27,6 @@ import {
  platform,
  tenancy,
  db,
-  security,
 } from "@budibase/backend-core"
 import { checkAnyUserExists } from "../../../utilities/users"
 import { isEmailConfigured } from "../../../utilities/email"
@ -99,11 +98,6 @@ export const adminUser = async (
    ctx.throw(403, "Organisation already exists.")
  }

-  const passwordValidation = security.validatePassword(password)
-  if (!passwordValidation.valid) {
-    ctx.throw(400, passwordValidation.error)
-  }
-
  if (env.MULTI_TENANCY) {
    // store the new tenant record in the platform db
    await platform.tenants.addTenant(tenantId)
--- a/packages/worker/src/sdk/auth/auth.ts
+++ b/packages/worker/src/sdk/auth/auth.ts
@ -7,7 +7,6 @@ import {
  tenancy,
  utils as coreUtils,
  cache,
-  security,
 } from "@budibase/backend-core"
 import { PlatformLogoutOpts, User } from "@budibase/types"
 import jwt from "jsonwebtoken"
@ -77,11 +76,6 @@ export const resetUpdate = async (resetCode: string, password: string) => {
  const { userId } = await cache.passwordReset.getCode(resetCode)
  let user = await userSdk.db.getUser(userId)

-  const validation = security.validatePassword(password)
-  if (!validation.valid) {
-    throw new HTTPError(validation.error, 400)
-  }
-
  user.password = password
  user = await userSdk.db.save(user)