fixed a security issue

2024-07-21 09:38:31 +02:00 · 2013-11-18 18:06:52 +03:30 · 2013-11-18 18:06:52 +03:30 · 599a614b4c
commit 599a614b4c
parent 91750bb20a
1 changed files with 4 additions and 0 deletions
--- a/lib/index.js
+++ b/lib/index.js
@ -57,6 +57,10 @@ function authorize(options) {
        return auth.fail(data, 'User not authorized through passport. (User Property not found)', false, accept);

      auth.passport.deserializeUser(userKey, function(err, user) {
+        if (err)
+          return auth.fail(data, err, true, accept);
+        if (!user)
+          return auth.fail(data, "User not found", false, accept);
        data[auth.userProperty] = user;
        data[auth.userProperty].logged_in = true;
        auth.success(data, accept);