Skip to content

Commit

Permalink
fix(users.js): update bugs
Browse files Browse the repository at this point in the history
  • Loading branch information
@supersonictw
supersonictw committed Oct 14, 2024
1 parent 17f170e commit b92c327
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 6 deletions.
7 changes: 5 additions & 2 deletions src/routes/tokens.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,8 +80,11 @@ router.post("/",
}

// Handle code and metadata
const metadata = {email: req.body.email};
const {code, sessionId} = utilCodeSession.createOne(metadata, 6, 1800);
const metadata = {
email: req.body.email,
};
const {code, sessionId} = utilCodeSession.
createOne(metadata, 6, 1800);

// Handle mail
try {
Expand Down
16 changes: 12 additions & 4 deletions src/routes/users.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -173,10 +173,11 @@ router.put("/me/email",
async (req, res) => {
// Handle code and metadata
const metadata = {
_id: req.auth.id,
userId: req.auth.id,
email: req.body.email,
};
const {code, sessionId} = utilCodeSession.createOne(metadata, 8, 1800);
const {code, sessionId} = utilCodeSession.
createOne(metadata, 8, 1800);

// Handle conflict
if (await User.findOne({email: req.body.email}).exec()) {
Expand Down Expand Up @@ -261,6 +262,12 @@ router.patch("/me/email",
deleteOne(req.body.session_id, req.body.code);
}

if (req.auth.id !== metadata.userId) {
// Check metadata
res.sendStatus(StatusCodes.FORBIDDEN);
return;
}

// Check user exists by the ID
const user = await User.findById(req.auth.id).exec();
if (!user) {
Expand All @@ -272,7 +279,7 @@ router.patch("/me/email",
user.email = metadata.email;

// Update values
const userData = utilUser.saveData(user);
const userData = await utilUser.saveData(user);

// Generate token
const token = utilXaraToken.
Expand Down Expand Up @@ -333,7 +340,8 @@ router.post("/",
created_at: utilNative.getPosixTimestamp(),
updated_at: utilNative.getPosixTimestamp(),
};
const {code, sessionId} = utilCodeSession.createOne(metadata, 7, 1800);
const {code, sessionId} = utilCodeSession.
createOne(metadata, 7, 1800);

// Handle mail
try {
Expand Down

0 comments on commit b92c327

Please sign in to comment.