fix: ensures users cannot be created without confirming pw (#7583)

Jarrod Flesch
2024-08-16 11:44:27 -04:00
committed by GitHub
parent aec3f5e308
commit 6f8604e18c
3 changed files with 36 additions and 7 deletions


@@ -149,8 +149,10 @@ export const Auth: React.FC<Props> = (props) => {
{(showPasswordFields || requirePassword) && ( {(showPasswordFields || requirePassword) && (
<div className={`${baseClass}__changing-password`}> <div className={`${baseClass}__changing-password`}>
<PasswordField <PasswordField
autoComplete="new-password"
field={{ field={{
name: 'password', name: 'password',
_path: 'password',
admin: { admin: {
disabled, disabled,
}, },
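Review bot: `autoComplete="new-password"` is set on the `PasswordField` only, and the confirm-password input that pairs with it is not visible in this hunk. If that input does not already carry the same hint, a browser or password manager may autofill a saved credential into one field and not the other, so it should get `autoComplete="new-password"` as well. The added `_path: 'password'` also has no explanation; a short comment such as `// pin the form-state path so the field resolves to "password" under the auth schema path` would help, assuming that is the intent. The JSX block continues outside the hunk.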


@@ -98,14 +98,18 @@ export const DefaultEditView: React.FC = () => {
if (globalSlug) classes.push(`global-edit--${globalSlug}`) if (globalSlug) classes.push(`global-edit--${globalSlug}`)
if (collectionSlug) classes.push(`collection-edit--${collectionSlug}`) if (collectionSlug) classes.push(`collection-edit--${collectionSlug}`)
const [schemaPath, setSchemaPath] = React.useState(entitySlug) const [schemaPath, setSchemaPath] = React.useState(() => {
if (operation === 'create' && auth && !auth.disableLocalStrategy) {
return `_${entitySlug}.auth`
}
return entitySlug
})
const [validateBeforeSubmit, setValidateBeforeSubmit] = useState(() => { const [validateBeforeSubmit, setValidateBeforeSubmit] = useState(() => {
if ( if (operation === 'create' && auth && !auth.disableLocalStrategy) {
operation === 'create' &&
collectionConfig.auth &&
!collectionConfig.auth.disableLocalStrategy
)
return true return true
}
return false return false
}) })
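Review bot: The confirm-password requirement is enforced only through this view's initial form state (the `schemaPath` and `validateBeforeSubmit` initialisers), and nothing in this section shows the create endpoint rejecting a request that never went through the form. The password rules that matter for security should therefore be checked server-side too, and a comment here should say so, for example `// UI guard only: the _<slug>.auth schema adds confirm-password to the create form; the API validates passwords independently`. The condition `operation === 'create' && auth && !auth.disableLocalStrategy` is now written twice; naming it once, e.g. `const isLocalAuthCreate = operation === 'create' && auth && !auth.disableLocalStrategy`, keeps the two initialisers from drifting apart. Both are lazy `useState` initialisers, so they run only on mount; if this view can be reused across a change of `operation` without remounting, `schemaPath` would keep its old value, which is worth confirming.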


@@ -120,7 +120,7 @@ describe('auth', () => {
await ensureCompilationIsDone({ page, serverURL }) await ensureCompilationIsDone({ page, serverURL })
}) })
describe('authenticated users', () => { describe('passwords', () => {
beforeAll(() => { beforeAll(() => {
url = new AdminUrlUtil(serverURL, slug) url = new AdminUrlUtil(serverURL, slug)
}) })
@@ -155,6 +155,29 @@ describe('auth', () => {
await expect(page.locator('#field-email')).toHaveValue(emailBeforeSave) await expect(page.locator('#field-email')).toHaveValue(emailBeforeSave)
}) })
test('should prevent new user creation without confirm password', async () => {
await page.goto(url.create)
await page.locator('#field-email').fill('dev2@payloadcms.com')
await page.locator('#field-password').fill('password')
// should fail to save without confirm password
await page.locator('#action-save').click()
await expect(
page.locator('.field-type.confirm-password .tooltip--show', {
hasText: exactText('This field is required.'),
}),
).toBeVisible()
// should succeed with matching confirm password
await page.locator('#field-confirm-password').fill('password')
await saveDocAndAssert(page, '#action-save')
})
})
describe('authenticated users', () => {
beforeAll(() => {
url = new AdminUrlUtil(serverURL, slug)
})
test('should have up-to-date user in `useAuth` hook', async () => { test('should have up-to-date user in `useAuth` hook', async () => {
await page.goto(url.account) await page.goto(url.account)
await page.waitForURL(url.account) await page.waitForURL(url.account)
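Review bot: The new test `should prevent new user creation without confirm password` covers an empty confirm field and a matching one, but not a confirm value that differs from the password, which is the case the confirm field exists to catch. Before the successful save, add a step that fills `#field-confirm-password` with a different string, clicks `#action-save`, and asserts that the confirm-password tooltip is shown with the project's mismatch message. The negative branch also asserts only that the tooltip is visible; additionally asserting that the page is still on `url.create` would show that no document was created. The hard-coded `dev2@payloadcms.com` may collide on a re-run against a database that was not reset, if the email field is unique, so a per-run address would be safer.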