mirror of
https://github.com/Lissy93/dashy.git
synced 2024-12-11 10:05:50 +03:00
🔀 Merge pull request #896 from Cereal916/localStorageExploitFix
Set user in localStorage when matching auth token is found. When chec…
This commit is contained in:
commit
933fb9c4d7
@ -54,18 +54,20 @@ const generateUserToken = (user) => {
|
||||
*/
|
||||
export const isLoggedIn = () => {
|
||||
const users = getUsers();
|
||||
const validTokens = users.map((user) => generateUserToken(user));
|
||||
let userAuthenticated = false;
|
||||
document.cookie.split(';').forEach((cookie) => {
|
||||
let userAuthenticated = document.cookie.split(';').some((cookie) => {
|
||||
if (cookie && cookie.split('=').length > 1) {
|
||||
const cookieKey = cookie.split('=')[0].trim();
|
||||
const cookieValue = cookie.split('=')[1].trim();
|
||||
if (cookieKey === cookieKeys.AUTH_TOKEN) {
|
||||
if (validTokens.includes(cookieValue)) {
|
||||
userAuthenticated = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
userAuthenticated = users.some((user) => {
|
||||
if (generateUserToken(user) === cookieValue) {
|
||||
localStorage.setItem(localStorageKeys.USERNAME, user.user);
|
||||
return true;
|
||||
} else return false;
|
||||
});
|
||||
return userAuthenticated;
|
||||
} else return false;
|
||||
} else return false;
|
||||
});
|
||||
return userAuthenticated;
|
||||
};
|
||||
@ -159,10 +161,10 @@ export const getCurrentUser = () => {
|
||||
* Checks if the user is viewing the dashboard as a guest
|
||||
* Returns true if guest mode enabled, and user not logged in
|
||||
* */
|
||||
export const isLoggedInAsGuest = () => {
|
||||
export const isLoggedInAsGuest = (currentUser) => {
|
||||
const guestEnabled = isGuestAccessEnabled();
|
||||
const notLoggedIn = !isLoggedIn();
|
||||
return guestEnabled && notLoggedIn;
|
||||
const loggedIn = isLoggedIn() && currentUser;
|
||||
return guestEnabled && !loggedIn;
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -5,15 +5,14 @@
|
||||
*/
|
||||
|
||||
// Import helper functions from auth, to get current user, and check if guest
|
||||
import { getCurrentUser, isLoggedInAsGuest } from '@/utils/Auth';
|
||||
import { getCurrentUser } from '@/utils/Auth';
|
||||
import { isVisibleToUser } from '@/utils/IsVisibleToUser';
|
||||
|
||||
/* Putting it all together, the function to export */
|
||||
export const checkItemVisibility = (item) => {
|
||||
const currentUser = getCurrentUser(); // Get current user object
|
||||
const isGuest = isLoggedInAsGuest(); // Check if current user is a guest
|
||||
const displayData = item.displayData || {};
|
||||
return isVisibleToUser(displayData, currentUser, isGuest);
|
||||
return isVisibleToUser(displayData, currentUser);
|
||||
};
|
||||
|
||||
export default checkItemVisibility;
|
||||
|
@ -5,16 +5,15 @@
|
||||
*/
|
||||
|
||||
// Import helper functions from auth, to get current user, and check if guest
|
||||
import { getCurrentUser, isLoggedInAsGuest } from '@/utils/Auth';
|
||||
import { getCurrentUser } from '@/utils/Auth';
|
||||
import { isVisibleToUser } from '@/utils/IsVisibleToUser';
|
||||
|
||||
/* Putting it all together, the function to export */
|
||||
export const checkSectionVisibility = (sections) => {
|
||||
const currentUser = getCurrentUser(); // Get current user object
|
||||
const isGuest = isLoggedInAsGuest(); // Check if current user is a guest
|
||||
return sections.filter((currentSection) => {
|
||||
const displayData = currentSection.displayData || {};
|
||||
return isVisibleToUser(displayData, currentUser, isGuest);
|
||||
return isVisibleToUser(displayData, currentUser);
|
||||
});
|
||||
};
|
||||
|
||||
|
@ -6,6 +6,7 @@
|
||||
|
||||
// Import helper functions from auth, to get current user, and check if guest
|
||||
import { localStorageKeys } from '@/utils/defaults';
|
||||
import { isLoggedInAsGuest } from '@/utils/Auth';
|
||||
|
||||
/* Helper function, checks if a given testValue is found in the visibility list */
|
||||
const determineVisibility = (visibilityList, testValue) => {
|
||||
@ -25,7 +26,9 @@ const determineIntersection = (source = [], target = []) => {
|
||||
|
||||
/* Returns false if the displayData of a section/item
|
||||
should not be rendered for the current user/ guest */
|
||||
export const isVisibleToUser = (displayData, currentUser, isGuest) => {
|
||||
export const isVisibleToUser = (displayData, currentUser) => {
|
||||
const isGuest = isLoggedInAsGuest(currentUser); // Check if current user is a guest
|
||||
|
||||
// Checks if user explicitly has access to a certain section
|
||||
const checkVisibility = () => {
|
||||
if (!currentUser) return true;
|
||||
|
Loading…
Reference in New Issue
Block a user