wasp icon indicating copy to clipboard operation
wasp copied to clipboard

Published 20 hours ago verified publisher icon wasp-lang

Update user data sanitizing function types

Open infomiho opened this issue 2 months ago • 0 comments

When we sanitize provider data, before saving it, we make sure to hash the password.

The function that does that looks smth like this:

function sanitize(data: { hashedPassword: string }): { hashedPassword: string } {
  data.hashedPassword = hash(data.hashedPassword);
  return data;
}

This means that this fn can be accidentally called again on already sanitized provider data.

The function should look more like this:

function sanitize(data: { password: string }): { hashedPassword: string } {
  data.hashedPassword = hash(data.password);
  return data;
}

so that the input and the output types are structurally different and you can't sanitize already sanitized data.

Related to https://github.com/wasp-lang/wasp/pull/2360/files#r1855479164

infomiho avatar Nov 25 '24 13:11 infomiho