fixed a security issue
This commit is contained in:
parent
91750bb20a
commit
599a614b4c
@ -57,6 +57,10 @@ function authorize(options) {
|
||||
return auth.fail(data, 'User not authorized through passport. (User Property not found)', false, accept);
|
||||
|
||||
auth.passport.deserializeUser(userKey, function(err, user) {
|
||||
if (err)
|
||||
return auth.fail(data, err, true, accept);
|
||||
if (!user)
|
||||
return auth.fail(data, "User not found", false, accept);
|
||||
data[auth.userProperty] = user;
|
||||
data[auth.userProperty].logged_in = true;
|
||||
auth.success(data, accept);
|
||||
|
Reference in New Issue
Block a user