ghost

mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00

History

Simon Backx f732b0181d Fixed `last_seen` updated for suspended users (#14715 ) refs https://github.com/TryGhost/Team/issues/1461 - A suspended user was able to make it through the Express middlewares to the `updateUserLastSeen` middleware, until it was halted when checking the user permissions in the API pipeline. This was only the case for session logins, not for API keys. - For API keys, the user status is checked: `6dc3f1bf56/core/server/services/auth/api-key/admin.js (L178-L181)` - In the session middleware, the `findUserById` in `getUserForSession` didn't filter on the active status of users: `be4146e324/core/server/services/auth/session/middleware.js (L22-L27)` - This has been fixed now by updating the sessionService's `findUserById` method.		2022-05-10 13:34:12 +02:00
..
api-key	Fixed typo	2022-05-10 17:44:58 +08:00
members	Updated dependency express-jwt to v7	2022-04-28 11:15:04 +01:00
session	Fixed `last_seen` updated for suspended users (#14715 )	2022-05-10 13:34:12 +02:00
authenticate.js
authorize.js	Replaced i18n.t w/ tpl helper in authorize.js (#13442 )	2021-10-05 10:34:07 +01:00
index.js
passwordreset.js	Renamed `passwordreset` body object to `password_reset`	2022-04-28 15:37:11 +01:00
setup.js	Updated newsletter fixtures to remove nullable sender name (#14479 )	2022-04-14 23:45:59 +05:30