
fix(core): check identifier collision before updating admin tenant user (#3292)

Charles Zhao 2023-03-05 23:04:36 +08:00 committed by GitHub
parent 89ba9bdc70
commit 963526ab0e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -15,7 +15,14 @@ import type { AuthedMeRouter } from './types.js';
export default function userRoutes<T extends AuthedMeRouter>(
...[router, tenant]: RouterInitArgs<T>
) {
const { findUserById, updateUserById } = tenant.queries.users;
const {
queries: {
users: { findUserById, updateUserById },
},
libraries: {
users: { checkIdentifierCollision },
},
} = tenant;
router.patch(
'/user',
@ -29,10 +36,13 @@ export default function userRoutes<T extends AuthedMeRouter>(
}),
async (ctx, next) => {
const { id: userId } = ctx.auth;
const { body } = ctx.guard;
const user = await findUserById(userId);
assertThat(!user.isSuspended, new RequestError({ code: 'user.suspended', status: 401 }));
await updateUserById(userId, ctx.guard.body);
await checkIdentifierCollision(body, userId);
await updateUserById(userId, body);
ctx.status = 204;
return next();
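Review bot: In the PATCH `/user` handler, `checkIdentifierCollision(body, userId)` and `updateUserById(userId, body)` are two separate awaited calls, so the check is not atomic with the write: two concurrent requests claiming the same identifier can both pass it before either update lands. Whether that can actually leave duplicate identifiers depends on uniqueness also being enforced where the write happens, which is not visible in this hunk. If it is enforced there, a constraint violation thrown by `updateUserById` should be mapped to the same collision error instead of surfacing as a generic failure. I would record the assumption above the call, e.g. `// Pre-check gives a clean error only; uniqueness must still be enforced by the storage layer, since this check and the update are not atomic.` The handler body starts and continues outside the hunk.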