mirror of https://github.com/logto-io/logto.git synced 2025-01-06 20:40:08 -05:00

fix(core): check identifier collision before updating admin tenant user (#3292)

Charles Zhao 2023-03-05 23:04:36 +08:00 committed by GitHub
parent 89ba9bdc70
commit 963526ab0e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -15,7 +15,14 @@ import type { AuthedMeRouter } from './types.js';
export default function userRoutes<T extends AuthedMeRouter>( export default function userRoutes<T extends AuthedMeRouter>(
...[router, tenant]: RouterInitArgs<T> ...[router, tenant]: RouterInitArgs<T>
) { ) {
const { findUserById, updateUserById } = tenant.queries.users; const {
queries: {
users: { findUserById, updateUserById },
},
libraries: {
users: { checkIdentifierCollision },
},
} = tenant;
router.patch( router.patch(
'/user', '/user',
@ -29,10 +36,13 @@ export default function userRoutes<T extends AuthedMeRouter>(
}), }),
async (ctx, next) => { async (ctx, next) => {
const { id: userId } = ctx.auth; const { id: userId } = ctx.auth;
const { body } = ctx.guard;
const user = await findUserById(userId); const user = await findUserById(userId);
assertThat(!user.isSuspended, new RequestError({ code: 'user.suspended', status: 401 })); assertThat(!user.isSuspended, new RequestError({ code: 'user.suspended', status: 401 }));
await updateUserById(userId, ctx.guard.body); await checkIdentifierCollision(body, userId);
await updateUserById(userId, body);
ctx.status = 204; ctx.status = 204;
return next(); return next();
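Review bot: The collision check and the write in the second hunk are two separate awaits, `await checkIdentifierCollision(body, userId);` followed by `await updateUserById(userId, body);`, so the check is not atomic with the update. Two concurrent PATCH `/user` requests carrying the same identifier could both pass the check before either write commits. Whether the users table has unique constraints on these identifiers is not visible here, so the code should state what it relies on, for example `// Pre-check only, for a clear error response; uniqueness must be enforced by the database constraint because this check and the update are not atomic.` If the constraint exists, it is also worth confirming that a violation raised by `updateUserById` surfaces as the same collision error rather than a generic 500. The handler body continues past the end of the hunk, so any error mapping after `return next();` is not visible.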