Set user in localStorage when matching auth token is found. When checking guest access, consider if a username is set. Fixes username local storage exploits.

This commit is contained in:
kristian 2022-09-10 21:33:45 -07:00
parent ef59eb25f4
commit 5a3fbe5672
4 changed files with 17 additions and 14 deletions

View File

@ -54,16 +54,18 @@ const generateUserToken = (user) => {
*/
export const isLoggedIn = () => {
const users = getUsers();
const validTokens = users.map((user) => generateUserToken(user));
let userAuthenticated = false;
document.cookie.split(';').forEach((cookie) => {
if (cookie && cookie.split('=').length > 1) {
const cookieKey = cookie.split('=')[0].trim();
const cookieValue = cookie.split('=')[1].trim();
if (cookieKey === cookieKeys.AUTH_TOKEN) {
if (validTokens.includes(cookieValue)) {
userAuthenticated = true;
}
users.forEach((user) => {
if (generateUserToken(user) === cookieValue) {
userAuthenticated = true;
localStorage.setItem(localStorageKeys.USERNAME, user.user);
}
});
}
}
});
@ -159,10 +161,10 @@ export const getCurrentUser = () => {
* Checks if the user is viewing the dashboard as a guest
* Returns true if guest mode enabled, and user not logged in
* */
export const isLoggedInAsGuest = () => {
export const isLoggedInAsGuest = (currentUser) => {
const guestEnabled = isGuestAccessEnabled();
const notLoggedIn = !isLoggedIn();
return guestEnabled && notLoggedIn;
const loggedIn = isLoggedIn() && currentUser;
return guestEnabled && !loggedIn;
};
/**

View File

@ -5,15 +5,14 @@
*/
// Import helper functions from auth, to get current user, and check if guest
import { getCurrentUser, isLoggedInAsGuest } from '@/utils/Auth';
import { getCurrentUser } from '@/utils/Auth';
import { isVisibleToUser } from '@/utils/IsVisibleToUser';
/* Putting it all together, the function to export */
export const checkItemVisibility = (item) => {
const currentUser = getCurrentUser(); // Get current user object
const isGuest = isLoggedInAsGuest(); // Check if current user is a guest
const displayData = item.displayData || {};
return isVisibleToUser(displayData, currentUser, isGuest);
return isVisibleToUser(displayData, currentUser);
};
export default checkItemVisibility;

View File

@ -5,16 +5,15 @@
*/
// Import helper functions from auth, to get current user, and check if guest
import { getCurrentUser, isLoggedInAsGuest } from '@/utils/Auth';
import { getCurrentUser } from '@/utils/Auth';
import { isVisibleToUser } from '@/utils/IsVisibleToUser';
/* Putting it all together, the function to export */
export const checkSectionVisibility = (sections) => {
const currentUser = getCurrentUser(); // Get current user object
const isGuest = isLoggedInAsGuest(); // Check if current user is a guest
return sections.filter((currentSection) => {
const displayData = currentSection.displayData || {};
return isVisibleToUser(displayData, currentUser, isGuest);
return isVisibleToUser(displayData, currentUser);
});
};

View File

@ -6,6 +6,7 @@
// Import helper functions from auth, to get current user, and check if guest
import { localStorageKeys } from '@/utils/defaults';
import { isLoggedInAsGuest } from '@/utils/Auth';
/* Helper function, checks if a given testValue is found in the visibility list */
const determineVisibility = (visibilityList, testValue) => {
@ -25,7 +26,9 @@ const determineIntersection = (source = [], target = []) => {
/* Returns false if the displayData of a section/item
should not be rendered for the current user/ guest */
export const isVisibleToUser = (displayData, currentUser, isGuest) => {
export const isVisibleToUser = (displayData, currentUser) => {
const isGuest = isLoggedInAsGuest(currentUser); // Check if current user is a guest
// Checks if user explicitly has access to a certain section
const checkVisibility = () => {
if (!currentUser) return true;