From f4757aeee16173dfdf79e265b9e13de12defca95 Mon Sep 17 00:00:00 2001
From: mike12345567 <me@michaeldrury.co.uk>
Date: Mon, 21 Jun 2021 18:37:14 +0100
Subject: [PATCH] Fixing issues discovered by cypress tests.

---
 packages/auth/src/middleware/authenticated.js        | 5 ++---
 packages/server/src/api/controllers/dev.js           | 2 +-
 packages/worker/src/api/controllers/admin/configs.js | 7 ++++++-
 packages/worker/src/api/controllers/admin/users.js   | 3 +++
 4 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/packages/auth/src/middleware/authenticated.js b/packages/auth/src/middleware/authenticated.js
index b40e86e364..64494f709d 100644
--- a/packages/auth/src/middleware/authenticated.js
+++ b/packages/auth/src/middleware/authenticated.js
@@ -50,10 +50,9 @@ module.exports = (noAuthPatterns = [], opts) => {
       if (authCookie) {
         try {
           const db = database.getDB(StaticDatabases.GLOBAL.name)
-          const foundUser = await db.get(authCookie.userId)
-          delete foundUser.password
+          user = await db.get(authCookie.userId)
+          delete user.password
           authenticated = true
-          user = foundUser
         } catch (err) {
           // remove the cookie as the use does not exist anymore
           clearCookie(ctx, Cookies.Auth)
diff --git a/packages/server/src/api/controllers/dev.js b/packages/server/src/api/controllers/dev.js
index ae7ab631d0..af937da7f2 100644
--- a/packages/server/src/api/controllers/dev.js
+++ b/packages/server/src/api/controllers/dev.js
@@ -14,7 +14,7 @@ async function redirect(ctx, method) {
     request(ctx, {
       method,
       body: ctx.request.body,
-    })
+    }, true)
   )
   if (response.status !== 200) {
     ctx.throw(response.status, response.statusText)
diff --git a/packages/worker/src/api/controllers/admin/configs.js b/packages/worker/src/api/controllers/admin/configs.js
index b5ef087665..b93bd22c80 100644
--- a/packages/worker/src/api/controllers/admin/configs.js
+++ b/packages/worker/src/api/controllers/admin/configs.js
@@ -102,9 +102,14 @@ exports.publicSettings = async function (ctx) {
   const db = new CouchDB(GLOBAL_DB)
   try {
     // Find the config with the most granular scope based on context
-    ctx.body = await getScopedFullConfig(db, {
+    const config = await getScopedFullConfig(db, {
       type: Configs.SETTINGS,
     })
+    if (!config) {
+      ctx.body = {}
+    } else {
+      ctx.body = config
+    }
   } catch (err) {
     ctx.throw(err.status, err)
   }
diff --git a/packages/worker/src/api/controllers/admin/users.js b/packages/worker/src/api/controllers/admin/users.js
index 5b95b2808f..dbe34d7ded 100644
--- a/packages/worker/src/api/controllers/admin/users.js
+++ b/packages/worker/src/api/controllers/admin/users.js
@@ -130,6 +130,9 @@ exports.removeAppRole = async ctx => {
 }
 
 exports.getSelf = async ctx => {
+  if (!ctx.user) {
+    ctx.throw(403, "User not logged in")
+  }
   ctx.params = {
     id: ctx.user._id,
   }