diff --git a/src/server/components/UserDatabase.js b/src/server/components/UserDatabase.js
index 62cb378..a2cd1de 100644
--- a/src/server/components/UserDatabase.js
+++ b/src/server/components/UserDatabase.js
@@ -145,16 +145,14 @@ class UserDatabase extends UserDatabaseInterface {
 if (app) return Promise.resolve(app);
- const data = await this.db.findOne(this._appCollection, { 'token.encrypted': token });
+ const data = await this.db.findOne(this._appCollection, { token });
 if (!data) return null;
- const user = await this.fetchUser(data.user);
- app = this._createApp(user, data);
+ app = this._createApp(data);
 if (!this.disableCache) this.cache.set(app.id, app);
- user.attachApplication(app);
 return app;
diff --git a/src/server/middleware/Authenticator.js b/src/server/middleware/Authenticator.js
index 7687720..7c68f5a 100644
--- a/src/server/middleware/Authenticator.js
+++ b/src/server/middleware/Authenticator.js
@@ -155,9 +155,9 @@ class Authenticator {
 const key = segments[segments.length - 1];
 const application = await this.userdb.matchToken(key);
- if (application)
- req.user = application;
- else {
+ if (application) {
+ req.user = application;
+ } else {
 res.status(401).send('Unknown identity');
 return false;
 }
@@ -179,10 +179,11 @@ class Authenticator {
 PermissionManager.ensurePermission(permission);
 const func = async (req, res, next) => {
- const { user } = req;
 // Request does not have a user bound to it, response already sent from #_authenticate
 if (!await this.#_authenticate(req, res)) return;
+ // If the authentication is done through a token, the user will be attached in the authentication step
+ const { user } = req;
 // Has permission
 if (user.hasPermission(permission, level)) return next();
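Review bot: In the UserDatabase.js hunk the new filter `{ token }` hands the caller's value to `findOne` unchanged, so if the db layer forwards the filter to a MongoDB-style query, a non-string value would be read as a query operator rather than a literal to match; the one caller visible on this page passes a string taken from `segments`, but the lookup itself does not enforce that. A guard before the query, `if (typeof token !== 'string' || token.length === 0) return null;`, keeps that property local to the method. The lookup also now appears to compare the presented token with a stored `token` field directly, which suggests the collection holds usable credentials as-is; storing a digest and querying by the digest of the presented value would limit what a read of the collection exposes. With `fetchUser` removed, nothing in this hunk checks that the owning user still exists or is enabled before the application is cached and returned, so that check has to live in `_createApp` or in the permission path. The enclosing method begins and ends outside the hunk.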
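Review bot: In the last Authenticator.js hunk, `user.hasPermission(permission, level)` now runs on whatever `#_authenticate` left in `req.user`, and for token requests the earlier hunk shows that this is the application object returned by `matchToken`, not a user. Nothing visible here shows that every successful authentication path sets `req.user`, so a guard such as `if (!user) return res.status(401).send('Unknown identity');` before the permission check would fail closed instead of throwing. The new comment could also state the contract, e.g. `// req.user is set by #_authenticate and may be an application when a token was used`, so a reader knows the permission decision may be made on an application's own permissions. The body of `func` continues past the end of the hunk.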