github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-22 17:56:30 -05:00
Code Issues Projects Releases Packages Wiki Activity

fix(session-guard): correctly check for missing session

Browse source 
express-session always creates an `request.session` object, so only
checking if that exists is not sufficient.

Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2021-12-07 20:23:18 +01:00
parent b3688e6486
commit 03981f9e0b
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/identity/session.guard.ts
View file

@ -27,7 +27,7 @@ export class SessionGuard implements CanActivate {
async canActivate(context: ExecutionContext): Promise<boolean> {
const request: Request & { session?: { user: string }; user?: User } =
context.switchToHttp().getRequest();
if (!request.session) {
if (!request.session?.user) {
this.logger.debug('The user has no session.');
throw new UnauthorizedException("You're not logged in");
}