yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-12-29 16:16:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

yup blocks unexpected fields

Browse Source
This commit is contained in:
Ben Irvin 2022-08-25 12:01:52 +02:00
parent 2195e9a2f2
commit 9e42345011
2 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
packages/core/admin/server/controllers/api-token.js
View File

@ -101,12 +101,6 @@ module.exports = {
attributes.description = trim(body.description);
}
// TODO: can yup handle this and throw an error if an unexpected field is included?
// Don't allow updating lastUsedAt time
if (has(attributes, 'lastUsedAt')) {
throw new ApplicationError('lastUsedAt cannot be updated');
}
await validateApiTokenUpdateInput(attributes);
const apiTokenExists = await apiTokenService.getById(id);

6
packages/core/admin/server/validation/api-tokens.js
View File

@ -12,7 +12,8 @@ const apiTokenCreationSchema = yup
permissions: yup.array().of(yup.string()).nullable(),
lifespan: yup.number().integer().min(1).nullable(),
})
.noUnknown();
.noUnknown()
.strict();
const apiTokenUpdateSchema = yup
.object()
@ -23,7 +24,8 @@ const apiTokenUpdateSchema = yup
permissions: yup.array().of(yup.string()).nullable(),
lifespan: yup.number().integer().min(1).nullable(),
})
.noUnknown();
.noUnknown()
.strict();
module.exports = {
validateApiTokenCreationInput: validateYupSchema(apiTokenCreationSchema),