Fixed vulnerability issue where the auth Update endpoint wasn't protected.
This commit is contained in:
parent
5c987a9057
commit
794eec8666
1 changed files with 8 additions and 0 deletions
|
|
@ -82,6 +82,13 @@ public class AuthController(Authentication authentication, Settings settings) :
|
|||
return StatusCode(401);
|
||||
}
|
||||
|
||||
var user = await authentication.GetUser();
|
||||
|
||||
if (user != null)
|
||||
{
|
||||
return StatusCode(401);
|
||||
}
|
||||
|
||||
await settings.Update("Provider:Provider", request.Provider);
|
||||
await settings.Update("Provider:ApiKey", request.Token);
|
||||
|
||||
|
|
@ -130,6 +137,7 @@ public class AuthController(Authentication authentication, Settings settings) :
|
|||
|
||||
[Route("Update")]
|
||||
[HttpPost]
|
||||
[Authorize(Policy = "AuthSetting")]
|
||||
public async Task<ActionResult> Update([FromBody] AuthControllerUpdateRequest? request)
|
||||
{
|
||||
if (request == null)
|
||||
|
|
|
|||
Loading…
Reference in a new issue