fyindr
/
siimee
Seguir 4
Destacar 3
Cuchillo 1
Código Peticiones pull 1 Lanzamientos 4 Wiki Actividad
Explorar el Código

:recycle: collapse session validation check in route

brian_auth_fix
j hace 2 años
padre
213c270051
commit
d3899e3f9b
Se han modificado 2 ficheros con 28 adiciones y 27 borrados
Dividir vista Mostrar estadísticas de diff
  1. 27
    2
      backend/lib/routes/user/validate-session.js
  2. 1
    25
      backend/lib/services/user.js

+ 27
- 2
backend/lib/routes/user/validate-session.js Ver fichero 

@@ -31,8 +31,33 @@ module.exports = {
31 31 
             const hashedSessionToken = request.payload
32 32 
             const { userService, profileService } = request.server.services()
33 33 
             try {
34 
-                const validatedSessionInfo =
35 
-                    userService.validateSession(hashedSessionToken)
34 
+                if (!hashedSessionToken) {
35 
+                    throw new Error('hashedSessionToken not passed!')
36 
+                }
37 
+                const userSession =
38 
+                    userService.activeSessions[hashedSessionToken]
39 
+                if (!userSession) {
40 
+                    throw new Error(
41 
+                        'hashedSessionToken not in activeSessions registry!',
42 
+                    )
43 
+                }
44 
+                if (!userSession.emailWasRespondedTo) {
45 
+                    throw new Error(
46 
+                        `Email was never responded to! ${userSession.emailWasRespondedTo}`,
47 
+                    )
48 
+                }
49 
+                if (!userSession.sessionToken) {
50 
+                    throw new Error(
51 
+                        `No session token in userSession ${userSession.sessionToken}`,
52 
+                    )
53 
+                }
54 
+                const sessionTokenIsValid = userService.validateToken(
55 
+                    userSession.sessionToken,
56 
+                )
57 
+                const validatedSessionInfo = sessionTokenIsValid
58 
+                    ? userSession
59 
+                    : { ...sessionTokenIsValid.payload }
60 
+
36 61 
                 if (validatedSessionInfo?.email)
37 62 
                     throw new Error(
38 63 
                         `Could not validate token based on payload: ${request.payload}`,

+ 1
- 25
backend/lib/services/user.js Ver fichero 

@@ -252,31 +252,7 @@ module.exports = class UserService extends Schmervice.Service {
252 252 
      * @param {HashedSessionToken} hashedSessionToken
253 253 
      * @returns {PayloadFromActiveSessions}
254 254 
      */
255 
-    validateSession(hashedSessionToken) {
256 
-        if (!hashedSessionToken) {
257 
-            throw new Error('hashedSessionToken not passed!')
258 
-        }
259 
-        const userSession = this.activeSessions[hashedSessionToken]
260 
-        if (!userSession) {
261 
-            throw new Error(
262 
-                'hashedSessionToken not in activeSessions registry!',
263 
-            )
264 
-        }
265 
-        if (!userSession.emailWasRespondedTo) {
266 
-            throw new Error('email was never responded to!')
267 
-        }
268 
-        const sessionToken = userSession.sessionToken
269 
-        if (!sessionToken) {
270 
-            throw new Error('No session token in userSession')
271 
-        }
272 
-        const sessionTokenIsValid = this.validateToken(sessionToken)
273 
-        return sessionTokenIsValid
274 
-            ? {
275 
-                  sessionToken,
276 
-                  email: this.activeSessions[hashedSessionToken].email,
277 
-              }
278 
-            : { ...sessionTokenIsValid.payload }
279 
-    }
255 
+    validateSession(hashedSessionToken) {}
280 256 
     removeSession(hashedSessionToken) {
281 257 
         const userSession = this.activeSessions[hashedSessionToken]
282 258 
         if (!userSession) {

Write Preview
Loading…
Cancelar
Guardar