mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-13 22:54:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: change sessionstate type to prevent unset values

Browse source 
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
This commit is contained in:
Tilman Vatteroth 2023-03-19 22:04:28 +01:00
parent f78fd69bf4
commit 229d4a4a1d
6 changed files with 26 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

12
backend/src/api/private/auth/auth.controller.ts
View file

@ -26,6 +26,7 @@ import { RegisterDto } from '../../../identity/local/register.dto';
import { UpdatePasswordDto } from '../../../identity/local/update-password.dto';
import { SessionGuard } from '../../../identity/session.guard';
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
import { SessionState } from '../../../session/session.service';
import { User } from '../../../users/user.entity';
import { UsersService } from '../../../users/users.service';
import { LoginEnabledGuard } from '../../utils/login-enabled.guard';
@ -34,10 +35,7 @@ import { RegistrationEnabledGuard } from '../../utils/registration-enabled.guard
import { RequestUser } from '../../utils/request-user.decorator';
type RequestWithSession = Request & {
session: {
authProvider: string;
user: string;
};
session: SessionState;
};
@ApiTags('auth')
@ -65,7 +63,7 @@ export class AuthController {
);
// ToDo: Figure out how to rollback user if anything with this calls goes wrong
await this.identityService.createLocalIdentity(user, registerDto.password);
request.session.user = registerDto.username;
request.session.username = registerDto.username;
request.session.authProvider = 'local';
}
@ -96,7 +94,7 @@ export class AuthController {
@Body() loginDto: LoginDto,
): void {
// There is no further testing needed as we only get to this point if LocalAuthGuard was successful
request.session.user = loginDto.username;
request.session.username = loginDto.username;
request.session.authProvider = 'local';
}
@ -110,7 +108,7 @@ export class AuthController {
@Body() loginDto: LdapLoginDto,
): void {
// There is no further testing needed as we only get to this point if LocalAuthGuard was successful
request.session.user = loginDto.username;
request.session.username = loginDto.username;
request.session.authProvider = 'ldap';
}

6
backend/src/api/utils/session-authprovider.decorator.ts
View file

@ -10,6 +10,8 @@ import {
} from '@nestjs/common';
import { Request } from 'express';
import { SessionState } from '../../session/session.service';
/**
* Extracts the auth provider identifier from a session inside a request
*
@ -19,9 +21,7 @@ import { Request } from 'express';
export const SessionAuthProvider = createParamDecorator(
(data: unknown, ctx: ExecutionContext) => {
const request: Request & {
session: {
authProvider: string;
};
session: SessionState;
} = ctx.switchToHttp().getRequest();
if (!request.session?.authProvider) {
// We should have an auth provider here, otherwise something is wrong