Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-10 07:55:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

test: add failing guest csrf test (#10169)

Browse Source 
* test: add failing guest csrf test

* test: use correct var

* fix: use applyCsrf for guests as well
This commit is contained in:
Barış Soner Uşaklı
2022-01-20 18:22:10 -05:00
committed by GitHub
parent f090de3688
commit 10949184ca
2 changed files with 42 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/middleware/user.js
View File

@@ -42,12 +42,12 @@ module.exports = function (middleware) {
return true;
}
if (req.loggedIn) {
if (res.locals.isAPI && (req.loggedIn || !req.headers.hasOwnProperty('authorization'))) {
// If authenticated via cookie (express-session), protect routes with CSRF checking
if (res.locals.isAPI) {
await middleware.applyCSRFasync(req, res);
}
await middleware.applyCSRFasync(req, res);
}
if (req.loggedIn) {
return true;
} else if (req.headers.hasOwnProperty('authorization')) {
const user = await passportAuthenticateAsync(req, res);