🔀 Merge pull request #896 from Cereal916/localStorageExploitFix

Set user in localStorage when matching auth token is found. When chec…

src/utils/Auth.js

@@ -54,18 +54,20 @@ const generateUserToken = (user) => {
  */
 export const isLoggedIn = () => {
   const users = getUsers();
-  const validTokens = users.map((user) => generateUserToken(user));
-  let userAuthenticated = false;
-  document.cookie.split(';').forEach((cookie) => {
+  let userAuthenticated = document.cookie.split(';').some((cookie) => {
     if (cookie && cookie.split('=').length > 1) {
       const cookieKey = cookie.split('=')[0].trim();
       const cookieValue = cookie.split('=')[1].trim();
       if (cookieKey === cookieKeys.AUTH_TOKEN) {
-        if (validTokens.includes(cookieValue)) {
-          userAuthenticated = true;
-        }
-      }
-    }
+        userAuthenticated = users.some((user) => {
+          if (generateUserToken(user) === cookieValue) {
+            localStorage.setItem(localStorageKeys.USERNAME, user.user);
+            return true;
+          } else return false;
+        });
+        return userAuthenticated;
+      } else return false;
+    } else return false;
   });
   return userAuthenticated;
 };
@@ -159,10 +161,10 @@ export const getCurrentUser = () => {
  * Checks if the user is viewing the dashboard as a guest
  * Returns true if guest mode enabled, and user not logged in
  * */
-export const isLoggedInAsGuest = () => {
+export const isLoggedInAsGuest = (currentUser) => {
   const guestEnabled = isGuestAccessEnabled();
-  const notLoggedIn = !isLoggedIn();
-  return guestEnabled && notLoggedIn;
+  const loggedIn = isLoggedIn() && currentUser;
+  return guestEnabled && !loggedIn;
 };
 
 /**

src/utils/CheckItemVisibility.js

@@ -5,15 +5,14 @@
  */
 
 // Import helper functions from auth, to get current user, and check if guest
-import { getCurrentUser, isLoggedInAsGuest } from '@/utils/Auth';
+import { getCurrentUser } from '@/utils/Auth';
 import { isVisibleToUser } from '@/utils/IsVisibleToUser';
 
 /* Putting it all together, the function to export */
 export const checkItemVisibility = (item) => {
   const currentUser = getCurrentUser(); // Get current user object
-  const isGuest = isLoggedInAsGuest(); // Check if current user is a guest
   const displayData = item.displayData || {};
-  return isVisibleToUser(displayData, currentUser, isGuest);
+  return isVisibleToUser(displayData, currentUser);
 };
 
 export default checkItemVisibility;

src/utils/CheckSectionVisibility.js

@@ -5,16 +5,15 @@
  */
 
 // Import helper functions from auth, to get current user, and check if guest
-import { getCurrentUser, isLoggedInAsGuest } from '@/utils/Auth';
+import { getCurrentUser } from '@/utils/Auth';
 import { isVisibleToUser } from '@/utils/IsVisibleToUser';
 
 /* Putting it all together, the function to export */
 export const checkSectionVisibility = (sections) => {
   const currentUser = getCurrentUser(); // Get current user object
-  const isGuest = isLoggedInAsGuest(); // Check if current user is a guest
   return sections.filter((currentSection) => {
     const displayData = currentSection.displayData || {};
-    return isVisibleToUser(displayData, currentUser, isGuest);
+    return isVisibleToUser(displayData, currentUser);
   });
 };
 

src/utils/IsVisibleToUser.js

@@ -6,6 +6,7 @@
 
 // Import helper functions from auth, to get current user, and check if guest
 import { localStorageKeys } from '@/utils/defaults';
+import { isLoggedInAsGuest } from '@/utils/Auth';
 
 /* Helper function, checks if a given testValue is found in the visibility list */
 const determineVisibility = (visibilityList, testValue) => {
@@ -25,7 +26,9 @@ const determineIntersection = (source = [], target = []) => {
 
 /* Returns false if the displayData of a section/item
     should not be rendered for the current user/ guest */
-export const isVisibleToUser = (displayData, currentUser, isGuest) => {
+export const isVisibleToUser = (displayData, currentUser) => {
+  const isGuest = isLoggedInAsGuest(currentUser); // Check if current user is a guest
+
   // Checks if user explicitly has access to a certain section
   const checkVisibility = () => {
     if (!currentUser) return true;