mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-26 11:43:59 -05:00
fix(session-guard): correctly check for missing session
express-session always creates an `request.session` object, so only checking if that exists is not sufficient. Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
parent
b3688e6486
commit
03981f9e0b
1 changed files with 1 additions and 1 deletions
|
@ -27,7 +27,7 @@ export class SessionGuard implements CanActivate {
|
|||
async canActivate(context: ExecutionContext): Promise<boolean> {
|
||||
const request: Request & { session?: { user: string }; user?: User } =
|
||||
context.switchToHttp().getRequest();
|
||||
if (!request.session) {
|
||||
if (!request.session?.user) {
|
||||
this.logger.debug('The user has no session.');
|
||||
throw new UnauthorizedException("You're not logged in");
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue