No control Over credentials on server side
Current Version: 0.8.6-beta.3
Tech Stack: Nextjs
I applied email and password login in my project it works fine when we send a request from client to server and it checks with zod for client side validation and passes data correctly. But if we i use postman to send a request with credential information i have no control to check if the password or confirm password is correct or if password is in correct format. Even if i send wrong type of information using postman if accepts and creates a new user without a check at server.
Main point is that there should be a middleware or check function so the we could also the types or other credential information on server before we add to database
4 Replies
confirm password isn't a valid input. the signup endpoint only expects
password.Yes I know but I am saying is that I have no control on the server side
Let's say that I I want to check if the password and confirm password are equal then I don't have control over it
And i also I want to have password to have a lowercase, uppercase, numerical and special characters then only hash and store the values
you can make plugins to acheive that
or a custom endpoint
and use
auth.api.signUpEmailOk