krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-18 15:17:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

prevent sub accidentally also being applied to other account

Browse Source
This commit is contained in:
Phillip Thelen
2023-02-27 12:06:27 +01:00
parent 57fb7ca6f2
commit c29049146d
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
website/server/libs/payments/apple.js
View File

@@ -127,14 +127,18 @@ api.subscribe = async function subscribe (user, receipt, headers, nextPaymentPro
} }
} }
const existingUsers = await User.find({ const existingUsers = await User.find({
'purchased.plan.customerId': purchase.originalTransactionId, $or: [
{ 'purchased.plan.customerId': purchase.originalTransactionId },
{ 'purchased.plan.customerId': purchase.transactionId },
]
}).exec(); }).exec();
if (existingUsers.length > 0) { if (existingUsers.length > 0) {
if (purchase.originalTransactionId === purchase.transactionId) { if (purchase.originalTransactionId === purchase.transactionId) {
throw new NotAuthorized(this.constants.RESPONSE_ALREADY_USED); throw new NotAuthorized(this.constants.RESPONSE_ALREADY_USED);
} }
for (const existingUser of existingUsers) { for (const existingUser of existingUsers) {
if (existingUser._id !== user._id && !existingUser.purchased.plan.dateTerminated) { if (existingUser._id !== user._id) {
throw new NotAuthorized(this.constants.RESPONSE_ALREADY_USED); throw new NotAuthorized(this.constants.RESPONSE_ALREADY_USED);
} }
} }