Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return meaningful error messages when elevatedPrivileges is required and no SecurityKey is setup #602

Open
xmlking opened this issue Jan 6, 2025 · 0 comments
Open

Return meaningful error messages when elevatedPrivileges is required and no SecurityKey is setup #602

xmlking opened this issue Jan 6, 2025 · 0 comments

Comments

@xmlking
Copy link
Contributor

xmlking commented Jan 6, 2025
edited
Loading

When elevatedPrivileges is set to required, and when Protecting Auth APIs (changePassword, changeEmail etc) are called, they are returning weird error messages. They are hard to debug.

Would be nice to return meaningful error message when Devs accidently allow calling those APIs, when user did not have SecurityKey setup

Protecting Auth APIs such as:

nhost.auth.changePassword({ newPassword: 'new-secret-password' })
nhost.auth.changeEmail({ newEmail: '[email protected]' })

nhost.toml

[auth.elevatedPrivileges]
mode = 'required'
@xmlking xmlking changed the title Return meaningful error messages when elevatedPrivileges is required and not SecurityKey is setup Return meaningful error messages when elevatedPrivileges is required and no SecurityKey is setup Jan 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@xmlking