Dokploy/dokploy
1
0
Fork 0
mirror of https://github.com/Dokploy/dokploy.git synced 2026-06-15 20:25:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4159 from Dokploy/fix/invitation-email-validation

Browse Source 
fix: validate invitation email matches signup email
This commit is contained in:
Mauricio Siu
2026-04-05 12:45:00 -06:00
committed by GitHub
parent 24b56c868d b8812dd7f2
commit c854d4eb01
1 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
packages/server/src/lib/auth.ts
View File

@@ -148,10 +148,30 @@ const { handler, api } = betterAuth({
const xDokployToken =
context?.request?.headers?.get("x-dokploy-token");
if (xDokployToken) {
const user = await getUserByToken(xDokployToken);
if (!user) {
let invitation: Awaited<ReturnType<typeof getUserByToken>>;
try {
invitation = await getUserByToken(xDokployToken);
} catch {
throw new APIError("BAD_REQUEST", {
message: "User not found",
message: "Invalid invitation token",
});
}
if (invitation.isExpired) {
throw new APIError("BAD_REQUEST", {
message: "Invitation has expired",
});
}
if (invitation.status !== "pending") {
throw new APIError("BAD_REQUEST", {
message: "Invitation has already been used",
});
}
if (
_user.email.toLowerCase().trim() !==
invitation.email.toLowerCase().trim()
) {
throw new APIError("BAD_REQUEST", {
message: "Email does not match invitation",
});
}
} else {