search

bitwarden / passwordless-server

Bitwarden Passwordless.dev infrastructure/backend (API, database, Docker, etc).
https://bitwarden.com/
Other
83 stars 26 forks source link

Add hacky validation for hints during registration #695

Closed Tyrrrz closed 1 month ago

Tyrrrz commented 1 month ago

Part of PAS-472

Since we're sending the form data using Vue and completely bypassing Razor Pages request pipeline, the validation attributes are not properly honored. I've added validation for Hints in Vue to avoid vague 400 errors on invalid hints. This is hacky, but a proper solution would require rewriting the page to not use Vue to send the registration request, or have better validation infrastructure on our front-end. I don't think it's worth the effort, given other priorities.

codecov[bot] commented 1 month ago

Codecov Report

Attention: Patch coverage is 0% with 1 line in your changes missing coverage. Please review.

Project coverage is 34.88%. Comparing base (bc4d39a) to head (0cc90ef). Report is 1 commits behind head on main.

Files Patch % Lines
...nConsole/Pages/App/Playground/NewAccount.cshtml.cs 0.00% 1 Missing :warning:
Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #695 +/- ## ======================================= Coverage 34.88% 34.88% ======================================= Files 567 567 Lines 31010 31010 Branches 936 936 ======================================= Hits 10818 10818 Misses 20046 20046 Partials 146 146 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

jonashendrickx commented 1 month ago

Without rewriting the razor page, you could just define the page handler as an endpoint, and add the validation on the minimal api endpoint similarly to what we do in the back-end.