feathersjs-ecosystem/feathers-authentication-management

Prevent changes on PATCH

Closed this issue · 3 comments

Currently, it is really easy to PATCH a user to set isVerified, or a resetToken.
Maybe you should add a built-in hook to prevent these changes on PATCH /user/:id ?

Whatever additional controls are implemented, someone will come up with a valid, opposing use case.

You can use the preventChange hook https://docs.feathersjs.com/api/hooks-common.html#preventchanges

Feel free to make a PR to the docs with a small note mentioning the situation.

Thanks. Merged. It'll be published as 0.4.3.