llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-08 00:50:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: add forbidden check in SetPassword()

Browse Source
This commit is contained in:
Yang Luo
2024-01-19 16:30:22 +08:00
parent 5e99007fc9
commit 88130bf020
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
controllers/user.go
View File

@ -473,6 +473,11 @@ func (c *ApiController) SetPassword() {
return return
} }
if targetUser.IsForbidden || targetUser.IsDeleted {
c.ResponseError(c.T("account:Failed to set password, the user is either forbidden or deleted"))
return
}
isAdmin := c.IsAdmin() isAdmin := c.IsAdmin()
if isAdmin { if isAdmin {
if oldPassword != "" { if oldPassword != "" {