From f13636ce1a2504820ee438c2945e1d21d8b3c4df Mon Sep 17 00:00:00 2001 From: mrfry Date: Sun, 2 Apr 2023 14:29:14 +0200 Subject: [PATCH] token validation changes --- src/modules/api/submodules/userManagement.ts | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/modules/api/submodules/userManagement.ts b/src/modules/api/submodules/userManagement.ts index 1ed9b0a..cf9030a 100644 --- a/src/modules/api/submodules/userManagement.ts +++ b/src/modules/api/submodules/userManagement.ts @@ -318,15 +318,16 @@ function setup(data: SubmoduleData): Submodule { logger.LogReq(req) const user: User = req.session.user const { token, userid } = req.query + const isQueryValid = validateuuid(token) && !Number.isNaN(+userid) - if (validateuuid(token) && !Number.isNaN(+userid)) { + if (isQueryValid) { const specifiedUser = dbtools.Select(userDB, 'users', { id: +userid, }) if (specifiedUser.length === 0) { res.json({ - result: 'error', + result: 'nouser', msg: 'couldnt find user', }) } @@ -340,14 +341,17 @@ function setup(data: SubmoduleData): Submodule { } else { if (!user) { res.json({ - result: 'error', - msg: 'you are not logged in', + result: 'invalid', + msg: isQueryValid + ? 'you are not logged in' + : 'token or user id is not valid', }) + return } const key = v5(validationTokenName, user.pw) res.json({ - result: 'success', + result: 'newtoken', key: key, ...((token || userid) && { msg: 'userid or token was provided, but was invalid',