QT/bigcapital
1
0
Fork 0
mirror of https://github.com/bigcapitalhq/bigcapital.git synced 2026-02-16 12:50:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: should retrieve user inactive error in login response API.

Browse Source 
fix: prevent from delete or inactivate the current authorized user.
This commit is contained in:
Ahmed Bouhuolia
2020-09-20 18:39:14 +02:00
parent e28f8496c6
commit e2c53f4513
11 changed files with 151 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/src/api/middleware/AttachCurrentTenantUser.ts
View File

@@ -14,11 +14,19 @@ const attachCurrentUser = async (req: Request, res: Response, next: Function) =>
try {
Logger.info('[attach_user_middleware] finding system user by id.');
const user = await systemUserRepository.getById(req.token.id);
console.log(user);
if (!user) {
Logger.info('[attach_user_middleware] the system user not found.');
return res.boom.unauthorized();
}
if (!user.active) {
Logger.info('[attach_user_middleware] the system user not found.');
return res.boom.badRequest(
'The authorized user is inactivated.',
{ errors: [{ type: 'USER_INACTIVE', code: 100, }] },
);
}
// Delete password property from user object.
Reflect.deleteProperty(user, 'password');
req.user = user;