Update user data sanitizing function types #2383

infomiho · 2024-11-25T13:41:19Z

When we sanitize provider data, before saving it, we make sure to hash the password.

The function that does that looks smth like this:

function sanitize(data: { hashedPassword: string }): { hashedPassword: string } {
  data.hashedPassword = hash(data.hashedPassword);
  return data;
}

This means that this fn can be accidentally called again on already sanitized provider data.

The function should look more like this:

function sanitize(data: { password: string }): { hashedPassword: string } {
  data.hashedPassword = hash(data.password);
  return data;
}

so that the input and the output types are structurally different and you can't sanitize already sanitized data.

infomiho changed the title ~~Update types for provider data sanitising~~ Update user data sanitizing function types Nov 25, 2024

infomiho self-assigned this Nov 25, 2024

infomiho added the auth label Nov 25, 2024

infomiho mentioned this issue Nov 25, 2024

Enables strict null checks in SDK #2360

Merged

4 tasks

Martinsos added the shouldfix We should do/fix this at some point label Nov 27, 2024

sodic added the refactoring Keeping that code clean! label Dec 21, 2024

Provide feedback