mirror of
https://github.com/wasp-lang/wasp.git
synced 2024-12-27 02:52:22 +03:00
Narrows down what can be saved when signing up (#1236)
This commit is contained in:
parent
ec307d0a3d
commit
e2ba85153b
@ -1,5 +1,10 @@
|
||||
# Changelog
|
||||
|
||||
## v0.10.7
|
||||
|
||||
### Breaking changes
|
||||
- Wasp's signup action now saves only the fields relevant to the auth process to the database. This prevents users from injecting arbitrary data into the database.
|
||||
|
||||
## v0.10.6
|
||||
|
||||
### Bug fixes
|
||||
|
@ -42,7 +42,10 @@ export function getSignupRoute({
|
||||
await deleteUser(existingUser);
|
||||
}
|
||||
|
||||
const user = await createUser(userFields);
|
||||
const user = await createUser({
|
||||
email: userFields.email,
|
||||
password: userFields.password,
|
||||
});
|
||||
|
||||
const verificationLink = await createEmailVerificationLink(user, clientRoute);
|
||||
try {
|
||||
|
@ -5,7 +5,10 @@ import { createUser } from '../../utils.js'
|
||||
export default handleRejection(async (req, res) => {
|
||||
const userFields = req.body || {}
|
||||
|
||||
await createUser(userFields)
|
||||
await createUser({
|
||||
username: userFields.username,
|
||||
password: userFields.password,
|
||||
})
|
||||
|
||||
return res.json({ success: true })
|
||||
})
|
||||
|
@ -1144,11 +1144,18 @@ Login is a regular action and can be used directly from the frontend.
|
||||
|
||||
#### `signup()`
|
||||
An action for signing up the user. This action does not log in the user, you still need to call `login()`.
|
||||
|
||||
```js
|
||||
signup(userFields)
|
||||
```
|
||||
#### `userFields: object`
|
||||
Fields of user entity which was declared in `auth`.
|
||||
Auth-related fields (either `username` or `email` and `password`) of the user entity which was declared in `auth`.
|
||||
|
||||
:::info
|
||||
Wasp only stores the auth-related fields of the user entity. Adding extra fields to `userFields` will not have any effect.
|
||||
|
||||
If you need to add extra fields to the user entity, we suggest doing it in a separate step after the user logs in for the first time.
|
||||
:::
|
||||
|
||||
#### `import statement`:
|
||||
```js
|
||||
@ -1156,7 +1163,6 @@ import signup from '@wasp/auth/signup.js'
|
||||
```
|
||||
Signup is a regular action and can be used directly from the frontend.
|
||||
|
||||
|
||||
#### `logout()`
|
||||
An action for logging out the user.
|
||||
```js
|
||||
@ -1169,7 +1175,7 @@ import logout from '@wasp/auth/logout.js'
|
||||
```
|
||||
|
||||
##### Example of usage:
|
||||
```js
|
||||
```jsx
|
||||
import logout from '@wasp/auth/logout.js'
|
||||
|
||||
const SignOut = () => {
|
||||
|
Loading…
Reference in New Issue
Block a user