llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-05-23 10:45:47 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: fix forbidden and soft-delete check in forget password page

Browse Source
This commit is contained in:
Yang Luo 2024-01-19 22:13:02 +08:00
parent 88130bf020
commit 6a00657e42
2 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
controllers/user.go
View File

@ -473,11 +473,6 @@ func (c *ApiController) SetPassword() {
return
}
if targetUser.IsForbidden || targetUser.IsDeleted {
c.ResponseError(c.T("account:Failed to set password, the user is either forbidden or deleted"))
return
}
isAdmin := c.IsAdmin()
if isAdmin {
if oldPassword != "" {

9
controllers/verification.go
View File

@ -109,6 +109,15 @@ func (c *ApiController) SendVerificationCode() {
c.ResponseError(err.Error())
return
}
if user == nil || user.IsDeleted {
c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
return
}
if user.IsForbidden {
c.ResponseError(c.T("check:The user is forbidden to sign in, please contact the administrator"))
return
}
}
// mfaUserSession != "", means method is MfaAuthVerification