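/**
 * GraphQL mutation endpoint for self-service user registration.
 *
 * <p>The mutation is exposed with {@code permitAll()}, so it is callable without
 * authentication. To avoid leaking which e-mail addresses are already registered
 * (account enumeration), the mutation reports the same result for every request.
 */
@Component
public class UserRegisterMutator {

    /** Name of the GraphQL argument that carries the registration request. */
    public static final String REGISTER_ARGUMENT_NAME = "userRegisterRequest";

    /**
     * Handles a registration attempt.
     *
     * @param userRegisterRequest Contains info about the user's registration, e.g. their name
     *
     * @return Always returns true, so potential attackers get no info. Valid attempts will get
     *         an email.
     */
    @GraphQLMutation(name = "userRegister")
    @PreAuthorize("permitAll()")
    public boolean userRegister(
            @GraphQLArgument(name = REGISTER_ARGUMENT_NAME) @GraphQLNonNull
            final UserRegisterRequest userRegisterRequest) {
        // user registration stuff
        // ...

        // NOTE(review): the constant return value only hides existing accounts if every path
        // through the elided registration logic ends here. A "duplicate e-mail" exception or a
        // validation error that surfaces in the GraphQL "errors" array would reveal the same
        // information by another route - confirm that such cases are handled internally.

        // NOTE(review): response time can also distinguish "already registered" from "new
        // account" (e.g. hashing a password or sending mail on one path only). Consider doing
        // the slow work asynchronously so both paths take comparable time.

        // NOTE(review): the endpoint is unauthenticated, so it presumably needs rate limiting
        // or similar abuse protection upstream; none is visible in this class.

        // always return true, otherwise attackers can work out the emails of users who have
        // already registered
        return true;
    }
}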