Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00
Code Issues Activity

Disabled Personal Tokens of inactive/locked users

Browse source 
no issue
This commit is contained in:
Thibaut Patel 2020-11-17 14:49:48 +01:00
parent d48febbbd8
commit 5fefa9fe96
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
core/server/services/auth/api-key/admin.js
View file

@ -145,11 +145,13 @@ const authenticateWithToken = (req, res, next, {token, JWT_OPTIONS}) => {
if (apiKey.get('user_id')) {
// fetch the user and store it on the request for later checks and logging
models.User.findOne({id: apiKey.get('user_id')}).then((user) => {
return models.User.findOne(
{id: apiKey.get('user_id'), status: 'active'},
{require: true}
).then((user) => {
req.user = user;
next();
});
return;
}
// store the api key on the request for later checks and logging