authenticator logic

src/server/components/UserDatabase.js

@@ -145,16 +145,14 @@ class UserDatabase extends UserDatabaseInterface {
         if (app) 
             return Promise.resolve(app);
 
-        const data = await this.db.findOne(this._appCollection, { 'token.encrypted': token });
+        const data = await this.db.findOne(this._appCollection, { token });
         if (!data) 
             return null;
 
-        const user = await this.fetchUser(data.user);
+        app = this._createApp(data);
-        app = this._createApp(user, data);
 
         if (!this.disableCache) 
             this.cache.set(app.id, app);
-        user.attachApplication(app);
 
         return app;
 

src/server/middleware/Authenticator.js

@@ -155,9 +155,9 @@ class Authenticator {
         const key = segments[segments.length - 1];
 
         const application = await this.userdb.matchToken(key);
-        if (application) 
+        if (application) {
             req.user = application; 
-        else {
+        } else {
             res.status(401).send('Unknown identity'); 
             return false;
         }
@@ -179,10 +179,11 @@ class Authenticator {
         PermissionManager.ensurePermission(permission);
 
         const func = async (req, res, next) => {
-            const { user } = req;
             // Request does not have a user bound to it, response already sent from #_authenticate
             if (!await this.#_authenticate(req, res)) 
                 return;
+            // If the authentication is done through a token, the user will be attached in the authentication step
+            const { user } = req;
             // Has permission
             if (user.hasPermission(permission, level)) 
                 return next();