From 450e53e55e9066b998a2638854b169428df5aa30 Mon Sep 17 00:00:00 2001 From: Andrew Woodlee Date: Thu, 3 Nov 2022 18:43:27 -0500 Subject: [PATCH 1/3] added checking for user in welcome controller --- app/controllers/welcome.js | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/app/controllers/welcome.js b/app/controllers/welcome.js index b6bdef3..be5140f 100644 --- a/app/controllers/welcome.js +++ b/app/controllers/welcome.js @@ -39,6 +39,9 @@ class WelcomeController extends SiteController { } async getWelcomeCoreMember (req, res) { + if (req.user) { + res.redirect(301, '/'); + } res.render('welcome/core-member'); } @@ -58,18 +61,27 @@ class WelcomeController extends SiteController { } async getSignupView (req, res) { + if (req.user) { + res.redirect(301, '/'); + } req.session.captcha = req.session.captcha || { }; req.session.captcha.signup = captcha.randomText(4 + Math.floor(Math.random()*4)); res.render('welcome/signup'); } async getLoginView (req, res) { + if (req.user) { + res.redirect(301, '/'); + } res.locals.loginResult = req.session.loginResult; res.render('welcome/login'); } async getHomeView (req, res, next) { try { + if (req.user) { + res.redirect(301, '/'); + } res.render('welcome/index'); } catch (error) { return next(error); From 26e6fd9b5354ec94eae3356d86e0e404886593d8 Mon Sep 17 00:00:00 2001 From: CyberShell Date: Fri, 4 Nov 2022 02:42:24 +0000 Subject: [PATCH 2/3] Add check in logic for user when loading non-published post Alternative to error page before: `Cannot read properties of undefined (reading '_id')` during checking `!res.locals.post.author._id.equals(req.user._id)` in line 268. --- app/controllers/post.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/controllers/post.js b/app/controllers/post.js index e5090d1..9fd9f2e 100644 --- a/app/controllers/post.js +++ b/app/controllers/post.js 
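Review bot: Each added `if (req.user) { res.redirect(301, '/'); }` falls through to the handler's `res.render(...)`, so a signed-in request is redirected and the handler then tries to write a second response. In Express-style handlers that normally raises a headers-already-sent error, and `getSignupView` still writes a new captcha to the session before it gets there. This applies to all four handlers across both hunks of this patch. Returning from the guard stops the fall-through: `if (req.user) { return res.redirect(301, '/'); }`.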
@@ -260,7 +260,8 @@ class PostController extends SiteController { async getView (req, res, next) { const { comment: commentService, resource: resourceService } = this.dtp.services; try { - if ((res.locals.post.status !== 'published') && + if ((res.locals.post.status !== 'published') && + req.user && !res.locals.post.author._id.equals(req.user._id) && !req.user.hasAuthorDashboard) { throw new SiteError(403, 'The post is not published'); From 07cc24a378655130fea0943ae049e4f11a8cbd9a Mon Sep 17 00:00:00 2001 From: Andrew Woodlee Date: Thu, 3 Nov 2022 21:58:05 -0500 Subject: [PATCH 3/3] added check for user in welcome controller, redirecting to home page --- app/controllers/welcome.js | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/app/controllers/welcome.js b/app/controllers/welcome.js index be5140f..f92320e 100644 --- a/app/controllers/welcome.js +++ b/app/controllers/welcome.js @@ -39,9 +39,7 @@ class WelcomeController extends SiteController { } async getWelcomeCoreMember (req, res) { - if (req.user) { - res.redirect(301, '/'); - } + await this.checkForUser(req, res); res.render('welcome/core-member'); } 
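Review bot: The added `req.user &&` makes the whole condition false for an anonymous request, so a visitor with no session skips the 403 and continues through `getView` with an unpublished post. The TypeError is gone, but the access check now fails open for the least-privileged caller. Treat a missing user as not authorised instead: `if ((res.locals.post.status !== 'published') && (!req.user || (!res.locals.post.author._id.equals(req.user._id) && !req.user.hasAuthorDashboard))) {`. The rest of `getView` lies outside the hunk, so confirm whether anything later re-checks publication status before rendering.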
@@ -61,32 +59,33 @@ class WelcomeController extends SiteController { } async getSignupView (req, res) { - if (req.user) { - res.redirect(301, '/'); - } + await this.checkForUser(req, res); req.session.captcha = req.session.captcha || { }; req.session.captcha.signup = captcha.randomText(4 + Math.floor(Math.random()*4)); res.render('welcome/signup'); } async getLoginView (req, res) { - if (req.user) { - res.redirect(301, '/'); - } + await this.checkForUser(req, res); res.locals.loginResult = req.session.loginResult; res.render('welcome/login'); } async getHomeView (req, res, next) { try { - if (req.user) { - res.redirect(301, '/'); - } + await this.checkForUser(req, res); res.render('welcome/index'); } catch (error) { return next(error); } } + + async checkForUser (req, res) { + if (req.user) { + res.redirect(301, '/'); + } + } + } module.exports = {
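Review bot: `checkForUser` calls `res.redirect(301, '/')` but returns nothing, so every caller in this patch (`getWelcomeCoreMember` in the first hunk, `getSignupView`, `getLoginView` and `getHomeView` here) still runs `res.render(...)` after the redirect has been sent. Have the helper report whether it already responded and let each caller return on that. The 301 is also worth changing: it is a permanent, cacheable redirect, while this decision depends on login state, so a browser that cached it can keep sending a signed-out user away from the login page; 302 fits a per-session redirect.

```javascript
  async getLoginView (req, res) {
    if (await this.checkForUser(req, res)) {
      return;
    }
    // … unchanged: loginResult assignment and render …
  }

  // … unchanged: the other three handlers take the same guard …

  async checkForUser (req, res) {
    if (!req.user) {
      return false;
    }
    res.redirect(302, '/');
    return true;
  }
```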