mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-17 00:24:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix(session-guard): correctly check for missing session

Browse source 
express-session always creates an `request.session` object, so only
checking if that exists is not sufficient.

Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2021-12-07 20:23:18 +01:00
parent b01346e7e5
commit bda58322be
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/identity/session.guard.ts
View file

@ -27,7 +27,7 @@ export class SessionGuard implements CanActivate {
async canActivate(context: ExecutionContext): Promise<boolean> { async canActivate(context: ExecutionContext): Promise<boolean> {
const request: Request & { session?: { user: string }; user?: User } = const request: Request & { session?: { user: string }; user?: User } =
context.switchToHttp().getRequest(); context.switchToHttp().getRequest();
if (!request.session) { if (!request.session?.user) {
this.logger.debug('The user has no session.'); this.logger.debug('The user has no session.');
throw new UnauthorizedException("You're not logged in"); throw new UnauthorizedException("You're not logged in");
} }