diff --git a/packages/auth/src/middleware/authenticated.js b/packages/auth/src/middleware/authenticated.js
index b40e86e364..64494f709d 100644
--- a/packages/auth/src/middleware/authenticated.js
+++ b/packages/auth/src/middleware/authenticated.js
@@ -50,10 +50,9 @@ module.exports = (noAuthPatterns = [], opts) => {
 if (authCookie) {
 try {
 const db = database.getDB(StaticDatabases.GLOBAL.name)
- const foundUser = await db.get(authCookie.userId)
- delete foundUser.password
+ user = await db.get(authCookie.userId)
+ delete user.password
 authenticated = true
- user = foundUser
 } catch (err) {
 // remove the cookie as the use does not exist anymore
 clearCookie(ctx, Cookies.Auth)
diff --git a/packages/server/src/api/controllers/dev.js b/packages/server/src/api/controllers/dev.js
index ae7ab631d0..af937da7f2 100644
--- a/packages/server/src/api/controllers/dev.js
+++ b/packages/server/src/api/controllers/dev.js
@@ -14,7 +14,7 @@ async function redirect(ctx, method) {
 request(ctx, {
 method,
 body: ctx.request.body,
- })
+ }, true)
 )
 if (response.status !== 200) {
 ctx.throw(response.status, response.statusText)
diff --git a/packages/worker/src/api/controllers/admin/configs.js b/packages/worker/src/api/controllers/admin/configs.js
index b5ef087665..b93bd22c80 100644
--- a/packages/worker/src/api/controllers/admin/configs.js
+++ b/packages/worker/src/api/controllers/admin/configs.js
@@ -102,9 +102,14 @@ exports.publicSettings = async function (ctx) {
 const db = new CouchDB(GLOBAL_DB)
 try {
 // Find the config with the most granular scope based on context
- ctx.body = await getScopedFullConfig(db, {
+ const config = await getScopedFullConfig(db, {
 type: Configs.SETTINGS,
 })
+ if (!config) {
+ ctx.body = {}
+ } else {
+ ctx.body = config
+ }
 } catch (err) {
 ctx.throw(err.status, err)
 }
diff --git a/packages/worker/src/api/controllers/admin/users.js b/packages/worker/src/api/controllers/admin/users.js
index 5b95b2808f..dbe34d7ded 100644
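Review bot: The new `user = await db.get(authCookie.userId)` still sits inside a catch-all, so any failure of db.get — a database connection error as much as a missing document — falls through to `clearCookie(ctx, Cookies.Auth)` and silently logs the user out, which the comment "the cookie as the use does not exist anymore" does not intend. If the DB client sets `err.status` the way configs.js in this same commit assumes, guard the clear with `if (err.status !== 404) throw err` at the top of the catch so transient outages are surfaced rather than turned into session loss; the comment also reads "use" where "user" is meant. The enclosing middleware starts before the hunk and the catch body continues past it, so I cannot see whether the error is logged anywhere.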
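Review bot: The added positional `true` in `request(ctx, {...}, true)` is a bare boolean flag whose meaning is invisible at the call site; a reader has to open `request` to learn what it toggles, and a second boolean parameter later would make the call unreadable. Prefer a named constant that mirrors the parameter name in request's signature, e.g. `const FLAG_NAME = true /* TODO: name after request()'s third parameter */` passed in its place, or at minimum an inline comment on the argument stating what it enables. The redirect function starts before the hunk, so the declaration of `response` is not visible here.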
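Review bot: The new if/else only maps a missing config to an empty object, which the four-line branch obscures; `ctx.body = config || {}` (or `config ?? {}` if the codebase targets ES2020) states the intent in one line. Separately, since this handler is named publicSettings and so presumably serves unauthenticated callers, assigning the whole document returned by getScopedFullConfig to `ctx.body` exposes every stored field, including CouchDB metadata such as `_id`/`_rev`; consider copying only the fields that are meant to be public into the response. Whether the route is actually reachable without authentication is not visible in this hunk.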
--- a/packages/worker/src/api/controllers/admin/users.js
+++ b/packages/worker/src/api/controllers/admin/users.js
@@ -130,6 +130,9 @@ exports.removeAppRole = async ctx => {
 }
 
 exports.getSelf = async ctx => {
+ if (!ctx.user) {
+ ctx.throw(403, "User not logged in")
+ }
 ctx.params = {
 id: ctx.user._id,
 }
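Review bot: `ctx.throw(403, "User not logged in")` uses the wrong status for a missing session: 403 means the caller is authenticated but not permitted, whereas an absent `ctx.user` is an unauthenticated request, which is 401 and is what clients use to trigger a re-login; change it to `ctx.throw(401, "User not logged in")`. The guard is otherwise correctly placed before `ctx.user._id` is dereferenced. getSelf continues past the end of the hunk.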