mirror of
				https://github.com/NodeBB/NodeBB.git
				synced 2025-10-26 16:46:12 +01:00 
			
		
		
		
	fix: bug where middlewares seemingly ran in parallel
This commit is contained in:
		| @@ -3,6 +3,7 @@ | |||||||
| const nconf = require('nconf'); | const nconf = require('nconf'); | ||||||
| const winston = require('winston'); | const winston = require('winston'); | ||||||
| const passport = require('passport'); | const passport = require('passport'); | ||||||
|  | const util = require('util'); | ||||||
|  |  | ||||||
| const meta = require('../meta'); | const meta = require('../meta'); | ||||||
| const user = require('../user'); | const user = require('../user'); | ||||||
| @@ -30,6 +31,8 @@ const passportAuthenticateAsync = function (req, res) { | |||||||
|  |  | ||||||
| module.exports = function (middleware) { | module.exports = function (middleware) { | ||||||
| 	async function authenticate(req, res) { | 	async function authenticate(req, res) { | ||||||
|  | 		const loginAsync = util.promisify(req.login).bind(req); | ||||||
|  |  | ||||||
| 		if (req.loggedIn) { | 		if (req.loggedIn) { | ||||||
| 			return true; | 			return true; | ||||||
| 		} else if (req.headers.hasOwnProperty('authorization')) { | 		} else if (req.headers.hasOwnProperty('authorization')) { | ||||||
| @@ -38,30 +41,24 @@ module.exports = function (middleware) { | |||||||
|  |  | ||||||
| 			// If the token received was a master token, a _uid must also be present for all calls | 			// If the token received was a master token, a _uid must also be present for all calls | ||||||
| 			if (user.hasOwnProperty('uid')) { | 			if (user.hasOwnProperty('uid')) { | ||||||
| 				req.login(user, async function (err) { | 				await loginAsync(user); | ||||||
| 					if (err) { throw new Error(err); } | 				await controllers.authentication.onSuccessfulLogin(req, user.uid); | ||||||
|  | 				req.uid = user.uid; | ||||||
| 					await controllers.authentication.onSuccessfulLogin(req, user.uid); | 				req.loggedIn = req.uid > 0; | ||||||
| 					req.uid = user.uid; | 				return true; | ||||||
| 					req.loggedIn = req.uid > 0; |  | ||||||
| 					return true; |  | ||||||
| 				}); |  | ||||||
| 			} else if (user.hasOwnProperty('master') && user.master === true) { | 			} else if (user.hasOwnProperty('master') && user.master === true) { | ||||||
| 				if (req.body.hasOwnProperty('_uid') || req.query.hasOwnProperty('_uid')) { | 				if (req.body.hasOwnProperty('_uid') || req.query.hasOwnProperty('_uid')) { | ||||||
| 					user.uid = req.body._uid || req.query._uid; | 					user.uid = req.body._uid || req.query._uid; | ||||||
| 					delete user.master; | 					delete user.master; | ||||||
|  |  | ||||||
| 					req.login(user, async function (err) { | 					await loginAsync(user); | ||||||
| 						if (err) { throw new Error(err); } | 					await controllers.authentication.onSuccessfulLogin(req, user.uid); | ||||||
|  | 					req.uid = user.uid; | ||||||
| 						await controllers.authentication.onSuccessfulLogin(req, user.uid); | 					req.loggedIn = req.uid > 0; | ||||||
| 						req.uid = user.uid; | 					return true; | ||||||
| 						req.loggedIn = req.uid > 0; |  | ||||||
| 						return true; |  | ||||||
| 					}); |  | ||||||
| 				} else { |  | ||||||
| 					throw new Error('A master token was received without a corresponding `_uid` in the request body'); |  | ||||||
| 				} | 				} | ||||||
|  |  | ||||||
|  | 				throw new Error('A master token was received without a corresponding `_uid` in the request body'); | ||||||
| 			} else { | 			} else { | ||||||
| 				winston.warn('[api/authenticate] Unable to find user after verifying token'); | 				winston.warn('[api/authenticate] Unable to find user after verifying token'); | ||||||
| 				return true; | 				return true; | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user