krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-17 22:57:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(usernames): filter @ on server side for username lookup

Browse Source
This commit is contained in:
Sabe Jones
2018-11-13 15:34:50 -06:00
parent 481bd6727d
commit d691dee2ca
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
website/server/controllers/api-v3/members.js
View File

@@ -130,13 +130,14 @@ api.getMemberByUsername = {
if (validationErrors) throw validationErrors;
let username = req.params.username.toLowerCase();
if (username[0] === '@') username = username.slice(1, username.length);
let member = await User
.findOne({'auth.local.lowerCaseUsername': username, 'flags.verifiedUsername': true})
.select(memberFields)
.exec();
if (!member || !member.flags.verifiedUsername) throw new NotFound(res.t('userNotFound'));
if (!member) throw new NotFound(res.t('userNotFound'));
// manually call toJSON with minimize: true so empty paths aren't returned
let memberToJSON = member.toJSON({minimize: true});