Enabled authentication using an api key with a user_id

no issue - Enables the Personal Tokens feature.
2025-02-03 23:00:14 -05:00 · 2020-10-23 16:34:41 +02:00 · 2020-10-23 16:34:41 +02:00 · be4146e324
commit be4146e324
parent 214ed405cc
2 changed files with 17 additions and 2 deletions
--- a/core/server/services/auth/api-key/admin.js
+++ b/core/server/services/auth/api-key/admin.js
@ -141,7 +141,18 @@ const authenticateWithToken = (req, res, next, {token, JWT_OPTIONS}) => {
            return next(new errors.InternalServerError({err}));
        }

-        // authenticated OK, store the api key on the request for later checks and logging
+        // authenticated OK
+
+        if (apiKey.get('user_id')) {
+            // fetch the user and store it on the request for later checks and logging
+            models.User.findOne({id: apiKey.get('user_id')}).then((user) => {
+                req.user = user;
+                next();
+            });
+            return;
+        }
+
+        // store the api key on the request for later checks and logging
        req.api_key = apiKey;
        next();
    }).catch((err) => {
--- a/core/server/services/auth/session/middleware.js
+++ b/core/server/services/auth/session/middleware.js
@ -20,7 +20,11 @@ function SessionMiddleware({sessionService}) {
    async function authenticate(req, res, next) {
        try {
            const user = await sessionService.getUserForSession(req, res);
-            req.user = user;
+            if (user) {
+                // Do not nullify `req.user` as it might have been already set
+                // in a previous middleware (authorize middleware).
+                req.user = user;
+            }
            next();
        } catch (err) {
            next(err);