sudoxreboot/habitica
1
0
Fork 0
mirror of https://github.com/sudoxnym/habitica.git synced 2026-05-19 20:28:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(usernames): filter @ on server side for username lookup

Browse source
This commit is contained in:
Sabe Jones 2018-11-13 15:34:50 -06:00
parent 481bd6727d
commit d691dee2ca
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
website/server/controllers/api-v3/members.js
View file

@ -130,13 +130,14 @@ api.getMemberByUsername = {
if (validationErrors) throw validationErrors;
let username = req.params.username.toLowerCase();
if (username[0] === '@') username = username.slice(1, username.length);
let member = await User
.findOne({'auth.local.lowerCaseUsername': username, 'flags.verifiedUsername': true})
.select(memberFields)
.exec();
if (!member || !member.flags.verifiedUsername) throw new NotFound(res.t('userNotFound'));
if (!member) throw new NotFound(res.t('userNotFound'));
// manually call toJSON with minimize: true so empty paths aren't returned
let memberToJSON = member.toJSON({minimize: true});