fix: resolve nil pointer panic in password reset handler (issue #79)
- Add nil check for DescopeClient before accessing password policy. - Use fallback password policy (min 8 chars) if DescopeClient is nil or policy fetch fails. - Ensure 400 Bad Request is returned for weak passwords even in test environments without DescopeClient. - Fix syntax errors introduced during manual edit.
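--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1045,11 +1045,26 @@ func (h *AuthHandler) CompletePasswordReset(c *fiber.Ctx) error {
 ale.Log(slog.LevelInfo, "Received new password for reset")
 
 // Validate password complexity dynamically based on Descope policy
-policy, err := h.DescopeClient.Auth.Password().GetPasswordPolicy(context.Background())
+// If DescopeClient is nil (e.g. in tests) or fetch fails, fallback to basic policy
+var policy *descope.PasswordPolicy
+if h.DescopeClient != nil {
+p, err := h.DescopeClient.Auth.Password().GetPasswordPolicy(context.Background())
 if err != nil {
-// If policy fetch fails, log warning and proceed (or fallback to basic check)
 ale.Log(slog.LevelWarn, "Failed to fetch password policy, skipping dynamic validation: "+err.Error())
 } else {
+policy = p
+}
+} else {
+ale.Log(slog.LevelWarn, "DescopeClient is nil, using fallback password policy")
+}
+
+// Default fallback policy if not fetched
+if policy == nil {
+policy = &descope.PasswordPolicy{
+MinLength: 8, // Basic requirement
+}
+}
+
 if len(req.NewPassword) < int(policy.MinLength) {
 ale.Status = fiber.StatusBadRequest
 ale.LatencyMs = time.Since(startTime)
@@ -1093,7 +1108,6 @@ func (h *AuthHandler) CompletePasswordReset(c *fiber.Ctx) error {
 return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Password must contain at least one special character"})
 }
 }
-}
 
 ale.Log(slog.LevelInfo, "Attempting to update password via Descope Auth API")
 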
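Review bot: The length check kept at the end of the first hunk, `if len(req.NewPassword) < int(policy.MinLength)`, compares bytes rather than characters, so a short password made of multi-byte runes satisfies the new fallback's MinLength of 8 with fewer than 8 characters; `if utf8.RuneCountInString(req.NewPassword) < int(policy.MinLength) {` counts what a minimum-length policy presumably means (this needs `unicode/utf8` in the import block, which is outside the hunk). Separately, the retained warning `"Failed to fetch password policy, skipping dynamic validation: "` no longer describes the behaviour, since the new code applies the 8-character fallback instead of skipping; `"Failed to fetch password policy, using fallback password policy: "+err.Error()` would match what now happens. Note that a policy-fetch failure now degrades quietly to the weaker fallback on a password-reset path, so whether that should instead fail closed outside test environments deserves an explicit decision and a comment next to `var policy *descope.PasswordPolicy`. CompletePasswordReset starts and ends outside both hunks.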