zias/wolk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: signup handler shouldn't create admins

Browse Source
This commit is contained in:
Henrique Dias
2026-03-14 08:23:10 +01:00
parent 4bd7d69c82
commit a63573b67e
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
http/auth.go
View File

@@ -167,6 +167,10 @@ var signupHandler = func(_ http.ResponseWriter, r *http.Request, d *data) (int,
d.settings.Defaults.Apply(user) d.settings.Defaults.Apply(user)
// Users signed up via the signup handler should never become admins, even
// if that is the default permission.
user.Perm.Admin = false
pwd, err := users.ValidateAndHashPwd(info.Password, d.settings.MinimumPasswordLength) pwd, err := users.ValidateAndHashPwd(info.Password, d.settings.MinimumPasswordLength)
if err != nil { if err != nil {
return http.StatusBadRequest, err return http.StatusBadRequest, err