mirror of
https://github.com/plan-player-analytics/Plan.git
synced 2024-12-15 05:41:51 +08:00
Prevented a future accidental XSS vulnerability in Register endpoint error
The username parameter was passed to an exception that is currently turned into JSON, but the way this exception is handled could change in the future.
parent
a6c286b0f2
commit
c44d3d7a7e
@ -35,7 +35,7 @@ import java.util.Optional;
|
||||
@Singleton
|
||||
public class RegisterResolver implements NoAuthResolver {
|
||||
|
||||
private DBSystem dbSystem;
|
||||
private final DBSystem dbSystem;
|
||||
|
||||
@Inject
|
||||
public RegisterResolver(DBSystem dbSystem) {this.dbSystem = dbSystem;}
|
||||
@ -58,7 +58,7 @@ public class RegisterResolver implements NoAuthResolver {
|
||||
String username = query.get("user").orElseThrow(() -> new BadRequestException("'user' parameter not defined"));
|
||||
|
||||
boolean alreadyExists = dbSystem.getDatabase().query(WebUserQueries.fetchUser(username)).isPresent();
|
||||
if (alreadyExists) throw new BadRequestException("User '" + username + "' already exists!");
|
||||
if (alreadyExists) throw new BadRequestException("User already exists!");
|
||||
|
||||
String password = query.get("password").orElseThrow(() -> new BadRequestException("'password' parameter not defined"));
|
||||
try {
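Review bot: The new constant message in `throw new BadRequestException("User already exists!")` gives no hint of why the username was dropped, so a later edit could re-add it for a friendlier error; a comment above the line such as `// Never echo request parameters in exception messages: the error renderer may not escape them.` would keep the intent next to the code. Separately, this `NoAuthResolver` still answers differently for taken and free usernames, which permits account enumeration unless the endpoint is rate-limited elsewhere (not visible here). The `password` value is read from `query` a few lines below; if that is the URL query string, the credential can end up in access and proxy logs, so moving it to the request body would be worth a follow-up. The enclosing method starts and ends outside the hunk.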
|
||||
|