This commit is contained in:
parent
bf4663d307
commit
636f39db5f
@ -145,16 +145,14 @@ class UserDatabase extends UserDatabaseInterface {
|
||||
if (app)
|
||||
return Promise.resolve(app);
|
||||
|
||||
const data = await this.db.findOne(this._appCollection, { 'token.encrypted': token });
|
||||
const data = await this.db.findOne(this._appCollection, { token });
|
||||
if (!data)
|
||||
return null;
|
||||
|
||||
const user = await this.fetchUser(data.user);
|
||||
app = this._createApp(user, data);
|
||||
app = this._createApp(data);
|
||||
|
||||
if (!this.disableCache)
|
||||
this.cache.set(app.id, app);
|
||||
user.attachApplication(app);
|
||||
|
||||
return app;
|
||||
|
||||
|
@ -155,9 +155,9 @@ class Authenticator {
|
||||
const key = segments[segments.length - 1];
|
||||
|
||||
const application = await this.userdb.matchToken(key);
|
||||
if (application)
|
||||
if (application) {
|
||||
req.user = application;
|
||||
else {
|
||||
} else {
|
||||
res.status(401).send('Unknown identity');
|
||||
return false;
|
||||
}
|
||||
@ -179,10 +179,11 @@ class Authenticator {
|
||||
PermissionManager.ensurePermission(permission);
|
||||
|
||||
const func = async (req, res, next) => {
|
||||
const { user } = req;
|
||||
// Request does not have a user bound to it, response already sent from #_authenticate
|
||||
if (!await this.#_authenticate(req, res))
|
||||
return;
|
||||
// If the authentication is done through a token, the user will be attached in the authentication step
|
||||
const { user } = req;
|
||||
// Has permission
|
||||
if (user.hasPermission(permission, level))
|
||||
return next();
|
||||
|
Loading…
Reference in New Issue
Block a user