TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-12 02:54:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: respect "Ignore unknown usernames" on password reset

Browse Source 
Merge pull request from GHSA-v683-rcxx-vpff

(cherry picked from commit 54676eda98)
This commit is contained in:
Livio Spring 2023-10-09 12:47:43 +03:00
parent 1d4ec6cdba
commit 8ca053fad3
No known key found for this signature in database
GPG Key ID: 26BB1C2FA5952CF0
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
internal/api/ui/login/password_reset_handler.go
View File

@ -25,6 +25,9 @@ func (l *Login) handlePasswordReset(w http.ResponseWriter, r *http.Request) {
}
user, err := l.query.GetUser(setContext(r.Context(), authReq.UserOrgID), true, false, loginName)
if err != nil {
if authReq.LoginPolicy.IgnoreUnknownUsernames && errors.IsNotFound(err) {
err = nil
}
l.renderPasswordResetDone(w, r, authReq, err)
return
}