fixed a security issue

This commit is contained in:
Amir 2013-11-18 18:06:52 +03:30
parent 91750bb20a
commit 599a614b4c

View File

@ -57,6 +57,10 @@ function authorize(options) {
return auth.fail(data, 'User not authorized through passport. (User Property not found)', false, accept); return auth.fail(data, 'User not authorized through passport. (User Property not found)', false, accept);
auth.passport.deserializeUser(userKey, function(err, user) { auth.passport.deserializeUser(userKey, function(err, user) {
if (err)
return auth.fail(data, err, true, accept);
if (!user)
return auth.fail(data, "User not found", false, accept);
data[auth.userProperty] = user; data[auth.userProperty] = user;
data[auth.userProperty].logged_in = true; data[auth.userProperty].logged_in = true;
auth.success(data, accept); auth.success(data, accept);