refactor(core): Enforce authorization by default on all routes (no-changelog) (#8762)

2025-12-20 03:12:15 +00:00 · 2024-02-28 17:02:18 +01:00
parent 2811f77798
commit db4a419c8d
46 changed files with 126 additions and 299 deletions
--- a/packages/cli/src/controllers/passwordReset.controller.ts
+++ b/packages/cli/src/controllers/passwordReset.controller.ts
@@ -50,6 +50,7 @@ export class PasswordResetController {
 	 */
 	@Post('/forgot-password', {
 		middlewares: !inTest ? [throttle] : [],
+		skipAuth: true,
 	})
 	async forgotPassword(req: PasswordResetRequest.Email) {
 		if (!this.mailer.isEmailSetUp) {
@@ -150,7 +151,7 @@ export class PasswordResetController {
 	/**
 	 * Verify password reset token and user ID.
 	 */
-	@Get('/resolve-password-token')
+	@Get('/resolve-password-token', { skipAuth: true })
 	async resolvePasswordToken(req: PasswordResetRequest.Credentials) {
 		const { token } = req.query;

@@ -182,7 +183,7 @@ export class PasswordResetController {
 	/**
 	 * Verify password reset token and update password.
 	 */
-	@Post('/change-password')
+	@Post('/change-password', { skipAuth: true })
 	async changePassword(req: PasswordResetRequest.NewPassword, res: Response) {
 		const { token, password, mfaToken } = req.body;