From 599a614b4ccfbaaebe8eaa705288734d3fe03059 Mon Sep 17 00:00:00 2001 From: Amir Date: Mon, 18 Nov 2013 18:06:52 +0330 Subject: [PATCH] fixed a security issue --- lib/index.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/index.js b/lib/index.js index 3813b1d..a6fe799 100644 --- a/lib/index.js +++ b/lib/index.js @@ -57,6 +57,10 @@ function authorize(options) { return auth.fail(data, 'User not authorized through passport. (User Property not found)', false, accept); auth.passport.deserializeUser(userKey, function(err, user) { + if (err) + return auth.fail(data, err, true, accept); + if (!user) + return auth.fail(data, "User not found", false, accept); data[auth.userProperty] = user; data[auth.userProperty].logged_in = true; auth.success(data, accept);