From 03981f9e0bf97aaf588e7257c72bd764c6a47089 Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Tue, 7 Dec 2021 20:23:18 +0100
Subject: [PATCH] fix(session-guard): correctly check for missing session

express-session always creates an `request.session` object, so only
checking if that exists is not sufficient.

Signed-off-by: David Mehren <git@herrmehren.de>
---
 src/identity/session.guard.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/identity/session.guard.ts b/src/identity/session.guard.ts
index c263596b2..5dd653250 100644
--- a/src/identity/session.guard.ts
+++ b/src/identity/session.guard.ts
@@ -27,7 +27,7 @@ export class SessionGuard implements CanActivate {
   async canActivate(context: ExecutionContext): Promise<boolean> {
     const request: Request & { session?: { user: string }; user?: User } =
       context.switchToHttp().getRequest();
-    if (!request.session) {
+    if (!request.session?.user) {
       this.logger.debug('The user has no session.');
       throw new UnauthorizedException("You're not logged in");
     }