-
-
Notifications
You must be signed in to change notification settings - Fork 7.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ignore private fields input on user register #6047
Ignore private fields input on user register #6047
Conversation
fcf542d
to
18a180a
Compare
Codecov Report
@@ Coverage Diff @@
## master #6047 +/- ##
=======================================
Coverage 19.34% 19.34%
=======================================
Files 863 863
Lines 12060 12060
Branches 1935 1935
=======================================
Hits 2333 2333
Misses 8153 8153
Partials 1574 1574
Continue to review full report at Codecov.
|
packages/strapi-plugin-users-permissions/config/schema.graphql.js
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey, thanks for your help ! You can however create a new input type for the register mutation instead of filtering the fields by end ;) You can add the new input type in the declaration field and update the query :)
ace6bca
to
4612063
Compare
Oh yes, I'm much happier with this solution. I wasn't sure that was something you would want, I didn't want to jump in changing input types, but that's definitely how things should be done. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, Thank you for this PR :D Will merge when test pass ;)
Hey @gfpacheco Looks like this is breaking the register mutation test :D |
Sorry, I just assumed the input name didn't matter, forgot you must declare it when using in a variable. Fixed |
Hey @gfpacheco can you just verify the DCO check so we can merge your PR ? :D |
16afbfc
to
6256a7b
Compare
Signed-off-by: Guilherme Pacheco <guilherme.f.pacheco@gmail.com>
Signed-off-by: Guilherme Pacheco <guilherme.f.pacheco@gmail.com>
6256a7b
to
677b250
Compare
@alexandrebodin All the checks have passed and I also rebased the branch onto master |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍 Thank you for this PR
Fixes #5834
PS: I'm only using GraphQL so I don't know if the same bug could be used to exploit the REST API.