Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00
Code Issues Activity

Disabled Personal Tokens of inactive/locked users

Browse source 
no issue
This commit is contained in:
Thibaut Patel 2020-11-17 14:49:48 +01:00
parent d48febbbd8
commit 5fefa9fe96
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
core/server/services/auth/api-key/admin.js
View file

@ -145,11 +145,13 @@ const authenticateWithToken = (req, res, next, {token, JWT_OPTIONS}) => {
if (apiKey.get('user_id')) { if (apiKey.get('user_id')) {
// fetch the user and store it on the request for later checks and logging // fetch the user and store it on the request for later checks and logging
models.User.findOne({id: apiKey.get('user_id')}).then((user) => { return models.User.findOne(
{id: apiKey.get('user_id'), status: 'active'},
{require: true}
).then((user) => {
req.user = user; req.user = user;
next(); next();
}); });
return;
} }
// store the api key on the request for later checks and logging // store the api key on the request for later checks and logging