v3: fall back to authWithHeaders if authWithSession or authWithUrl fails

Matteo Pagliazzi
2016-05-18 18:29:38 +02:00
parent ef9dc9a15a
commit f0f67e1e88
3 changed files with 16 additions and 9 deletions


@@ -41,7 +41,14 @@ export function authWithHeaders (optional = false) {
export function authWithSession (req, res, next) {
let userId = req.session.userId;
if (!userId) return next(new NotAuthorized(res.t('invalidCredentials')));
// Always allow authentication with headers
if (!userId) {
if (!req.header('x-api-user') || !req.header('x-api-key')) {
return next(new NotAuthorized(res.t('invalidCredentials')));
} else {
return authWithHeaders()(req, res, next);
}
}
return User.findOne({
_id: userId,
@@ -60,8 +67,13 @@ export function authWithUrl (req, res, next) {
let userId = req.query._id;
let apiToken = req.query.apiToken;
// Always allow authentication with headers
if (!userId || !apiToken) {
throw new NotAuthorized(res.t('missingAuthParams'));
if (!req.header('x-api-user') || !req.header('x-api-key')) {
return next(new NotAuthorized(res.t('missingAuthParams')));
} else {
return authWithHeaders()(req, res, next);
}
}
return User.findOne({ _id: userId, apiToken }).exec()
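Review bot: The comment `// Always allow authentication with headers` in both hunks overstates what the new code does: the header fallback runs only when `req.session.userId` (or `_id`/`apiToken` in the query) is absent, so a request carrying a stale session or a wrong query token together with valid `x-api-user`/`x-api-key` headers still appears to be decided by the session or query lookup alone. Because this determines which credential wins when a request carries more than one, I would state the precedence explicitly, e.g. `// Session (or URL) credentials take precedence; header auth is used only when they are absent`. The same fallback block is duplicated in `authWithSession` and `authWithUrl`, and `authWithHeaders()` builds a new middleware on every request, so a small shared helper with the `else` after `return` dropped would be tidier. Both function bodies continue past the visible hunks, so the lookup-failure path is inferred rather than seen.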