fixed a security issue
This commit is contained in:
parent
91750bb20a
commit
599a614b4c
@ -57,6 +57,10 @@ function authorize(options) {
|
|||||||
return auth.fail(data, 'User not authorized through passport. (User Property not found)', false, accept);
|
return auth.fail(data, 'User not authorized through passport. (User Property not found)', false, accept);
|
||||||
|
|
||||||
auth.passport.deserializeUser(userKey, function(err, user) {
|
auth.passport.deserializeUser(userKey, function(err, user) {
|
||||||
|
if (err)
|
||||||
|
return auth.fail(data, err, true, accept);
|
||||||
|
if (!user)
|
||||||
|
return auth.fail(data, "User not found", false, accept);
|
||||||
data[auth.userProperty] = user;
|
data[auth.userProperty] = user;
|
||||||
data[auth.userProperty].logged_in = true;
|
data[auth.userProperty].logged_in = true;
|
||||||
auth.success(data, accept);
|
auth.success(data, accept);
|
||||||
|
Reference in New Issue
Block a user