mirror of
https://github.com/sudoxnym/habitica.git
synced 2026-07-13 23:42:12 +00:00
Squashed commit of the following:
commit 22971a0c0bd1c25e147fdc9d662fd55ca522193b
Author: SabreCat <sabe@habitica.com>
Date: Fri Aug 18 21:13:49 2023 -0500
fix(auth): don't mix include/exclude
commit efbb8fa136587a4c781660246cb426968cfe108a
Author: SabreCat <sabe@habitica.com>
Date: Fri Aug 18 20:51:30 2023 -0500
refactor(auth): remove unneeded query field
This commit is contained in:
parent
9e0e2a83be
commit
ba96cd6e24
1 changed files with 10 additions and 6 deletions
|
|
@ -65,18 +65,22 @@ export function authWithHeaders (options = {}) {
|
|||
return next(new NotAuthorized(res.t('missingAuthHeaders')));
|
||||
}
|
||||
|
||||
const userQuery = {
|
||||
_id: userId,
|
||||
apiToken,
|
||||
};
|
||||
const userQuery = { _id: userId };
|
||||
|
||||
let fields = getUserFields(options, req);
|
||||
// If the request didn't include the API Token, retrieve it for validation
|
||||
if (fields && fields.indexOf('apiToken') === -1 && fields.indexOf('-') === -1) {
|
||||
fields = `${fields} apiToken`;
|
||||
}
|
||||
|
||||
const fields = getUserFields(options, req);
|
||||
const findPromise = fields ? User.findOne(userQuery).select(fields) : User.findOne(userQuery);
|
||||
|
||||
return findPromise
|
||||
.exec()
|
||||
.then(user => {
|
||||
if (!user) throw new NotAuthorized(res.t('invalidCredentials'));
|
||||
if (!user || apiToken !== user.apiToken) {
|
||||
throw new NotAuthorized(res.t('invalidCredentials'));
|
||||
}
|
||||
|
||||
if (user.auth.blocked) {
|
||||
// We want the accountSuspended message to be translated but the language
|
||||
|
|
|
|||
Loading…
Reference in a new issue