Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: request authentication called twice in account routes

Browse Source
This commit is contained in:
Julian Lam
2021-03-08 14:47:33 -05:00
parent 7da061f0d7
commit e3b2c00db1
3 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/middleware/user.js
View File

@@ -148,12 +148,12 @@ module.exports = function (middleware) {
middleware.checkAccountPermissions = helpers.try(async (req, res, next) => {
// This middleware ensures that only the requested user and admins can pass
if (!await authenticate(req, res)) {
return;
}
// This check if left behind for legacy purposes. Older plugins may call this middleware without ensureLoggedIn
if (!req.loggedIn) {
return controllers.helpers.notAllowed(req, res);
}
const uid = await user.getUidByUserslug(req.params.userslug);
let allowed = await privileges.users.canEdit(req.uid, uid);
if (allowed) {

6
src/routes/api.js
View File

@@ -15,9 +15,9 @@ module.exports = function (app, middleware, controllers) {
router.get('/user/username/:username', middleware.canViewUsers, controllers.user.getUserByUsername);
router.get('/user/email/:email', middleware.canViewUsers, controllers.user.getUserByEmail);
router.get('/user/uid/:userslug/export/posts', middleware.checkAccountPermissions, middleware.exposeUid, controllers.user.exportPosts);
router.get('/user/uid/:userslug/export/uploads', middleware.checkAccountPermissions, middleware.exposeUid, controllers.user.exportUploads);
router.get('/user/uid/:userslug/export/profile', middleware.checkAccountPermissions, middleware.exposeUid, controllers.user.exportProfile);
router.get('/user/uid/:userslug/export/posts', middleware.authenticateRequest, middleware.ensureLoggedIn, middleware.checkAccountPermissions, middleware.exposeUid, controllers.user.exportPosts);
router.get('/user/uid/:userslug/export/uploads', middleware.authenticateRequest, middleware.ensureLoggedIn, middleware.checkAccountPermissions, middleware.exposeUid, controllers.user.exportUploads);
router.get('/user/uid/:userslug/export/profile', middleware.authenticateRequest, middleware.ensureLoggedIn, middleware.checkAccountPermissions, middleware.exposeUid, controllers.user.exportProfile);
router.get('/categories/:cid/moderators', controllers.api.getModerators);
router.get('/recent/posts/:term?', controllers.posts.getRecentPosts);

7
src/routes/user.js
View File

@@ -9,7 +9,12 @@ const { setupPageRoute } = helpers;
module.exports = function (app, name, middleware, controllers) {
const middlewares = [middleware.exposeUid, middleware.canViewUsers];
const accountMiddlewares = [middleware.exposeUid, middleware.canViewUsers, middleware.checkAccountPermissions];
const accountMiddlewares = [
middleware.exposeUid,
middleware.ensureLoggedIn,
middleware.canViewUsers,
middleware.checkAccountPermissions,
];
setupPageRoute(app, '/me', middleware, [], middleware.redirectMeToUserslug);
setupPageRoute(app, '/me/*', middleware, [], middleware.redirectMeToUserslug);