Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-04-09 05:59:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: closes #14151, handle null req.body

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2026-04-06 17:19:55 -04:00
parent 20e751f0e8
commit 62b65e69ab
2 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/controllers/authentication.js
View File

@@ -221,6 +221,7 @@ authenticationController.login = async (req, res, next) => {
}
const loginWith = meta.config.allowLoginWith || 'username-email';
req.body = req.body || {};
req.body.username = String(req.body.username).trim();
const errorHandler = res.locals.noScriptErrors || helpers.noScriptErrors;
try {

15
test/authentication.js
View File

@@ -284,6 +284,21 @@ describe('authentication', () => {
assert.equal(response.status, 500);
});
it('should fail to login if body is missing', async () => {
const jar = request.jar();
const csrf_token = await helpers.getCsrfToken(jar);
const { response, body } = await request.post(`${nconf.get('url')}/login`, {
body: null,
jar: jar,
headers: {
'x-csrf-token': csrf_token,
},
});
assert.equal(response.status, 403);
assert.strictEqual(body, '[[error:invalid-username-or-password]]');
});
it('should fail to login if user does not exist', async () => {
const { response, body } = await helpers.loginUser('doesnotexist', 'nopassword');
assert.equal(response.statusCode, 403);