ghost

Infrastructure/ghost

Fork 0

mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-17 23:44:39 -05:00

Commit graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Simon Backx	f732b0181d	Fixed `last_seen` updated for suspended users (#14715 ) refs https://github.com/TryGhost/Team/issues/1461 - A suspended user was able to make it through the Express middlewares to the `updateUserLastSeen` middleware, until it was halted when checking the user permissions in the API pipeline. This was only the case for session logins, not for API keys. - For API keys, the user status is checked: `6dc3f1bf56/core/server/services/auth/api-key/admin.js (L178-L181)` - In the session middleware, the `findUserById` in `getUserForSession` didn't filter on the active status of users: `be4146e324/core/server/services/auth/session/middleware.js (L22-L27)` - This has been fixed now by updating the sessionService's `findUserById` method.	2022-05-10 13:34:12 +02:00

Simon Backx

f732b0181d

Fixed last_seen updated for suspended users (#14715 )

refs https://github.com/TryGhost/Team/issues/1461

- A suspended user was able to make it through the Express middlewares to the `updateUserLastSeen` middleware, until it was halted when checking the user permissions in the API pipeline. This was only the case for session logins, not for API keys.
- For API keys, the user status is checked:
6dc3f1bf56/core/server/services/auth/api-key/admin.js (L178-L181)
- In the session middleware, the `findUserById` in `getUserForSession` didn't filter on the active status of users:
be4146e324/core/server/services/auth/session/middleware.js (L22-L27)
- This has been fixed now by updating the sessionService's `findUserById` method.

2022-05-10 13:34:12 +02:00

1 commit