From cd1e36ce11affa5392b878b612a120759ed265ac Mon Sep 17 00:00:00 2001 From: raclim Date: Wed, 24 Apr 2024 16:40:49 -0400 Subject: [PATCH 1/7] return false instead of throwing error at comparePassword --- server/models/user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/server/models/user.js b/server/models/user.js index e7b85a8af7..4c67df2505 100644 --- a/server/models/user.js +++ b/server/models/user.js @@ -163,7 +163,8 @@ userSchema.methods.comparePassword = async function comparePassword( candidatePassword ) { if (!this.password) { - throw new Error('No password is set for this user.'); + console.error('No password is set for this user.'); + return false; } try { From ba794ccaec13c8886032d201bbc34b30cbd4d1da Mon Sep 17 00:00:00 2001 From: raclim Date: Wed, 24 Apr 2024 16:41:43 -0400 Subject: [PATCH 2/7] add optional chaining operator for listing s3 objects --- server/controllers/aws.controller.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/server/controllers/aws.controller.js b/server/controllers/aws.controller.js index 8bbf25576c..a201e01213 100644 --- a/server/controllers/aws.controller.js +++ b/server/controllers/aws.controller.js @@ -41,7 +41,7 @@ export function getObjectKey(url) { } export async function deleteObjectsFromS3(keyList, callback) { - const objectsToDelete = keyList.map((key) => ({ Key: key })); + const objectsToDelete = keyList?.map((key) => ({ Key: key })); if (objectsToDelete.length > 0) { const params = { @@ -168,7 +168,7 @@ export async function listObjectsInS3ForUser(userId) { const data = await s3Client.send(new ListObjectsCommand(params)); - assets = data.Contents.map((object) => ({ + assets = data.Contents?.map((object) => ({ key: object.Key, size: object.Size })); 
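Review bot: The early `return false` in `comparePassword` (server/models/user.js) answers before the `try` block runs, so if that block performs the hash comparison (it lies outside the hunk) an account with no password responds faster than one given a wrong password, and the two cases can be told apart by timing. The `console.error` now sits on a normal return path and names no user, so it adds log noise without telling an operator which account was involved. I would record the new contract above the guard, for example `// Accounts with no local password never match: resolve false instead of throwing.`, and log at a lower level with the user id. Callers that relied on the thrown error to tell "no password set" from "wrong password" are not visible here and should be checked.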
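Review bot: In `deleteObjectsFromS3`, `keyList?.map(...)` yields `undefined` when `keyList` is missing, and the unchanged next line `if (objectsToDelete.length > 0)` then throws a TypeError, so the optional chain only moves the crash one line down. Defaulting the list keeps the length check valid: `const objectsToDelete = (keyList ?? []).map((key) => ({ Key: key }));`. What happens to `callback` on the empty path is outside the hunk, so confirm the caller is still notified when there is nothing to delete. The two `listObjectsInS3ForUser` hunks do not have this problem, because the later `assets?.forEach` covers the case where `data.Contents?.map` leaves `assets` undefined.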
@@ -177,7 +177,7 @@ export async function listObjectsInS3ForUser(userId) { const projectAssets = []; let totalSize = 0; - assets.forEach((asset) => { + assets?.forEach((asset) => { const name = asset.key.split('/').pop(); const foundAsset = { key: asset.key, From 6412f368d614976223b5b5adab9c70400cbade22 Mon Sep 17 00:00:00 2001 From: raclim Date: Wed, 24 Apr 2024 16:42:53 -0400 Subject: [PATCH 3/7] update status codes for getSession, clear cookies --- client/modules/User/actions.js | 28 +++++++++++------------- server/controllers/session.controller.js | 13 ++++++++--- 2 files changed, 23 insertions(+), 18 deletions(-) diff --git a/client/modules/User/actions.js b/client/modules/User/actions.js index 2a11d9ca12..b62943c627 100644 --- a/client/modules/User/actions.js +++ b/client/modules/User/actions.js @@ -112,21 +112,19 @@ export function getUser() { } export function validateSession() { - return (dispatch, getState) => { - apiClient - .get('/session') - .then((response) => { - const state = getState(); - if (state.user.username !== response.data.username) { - dispatch(showErrorModal('staleSession')); - } - }) - .catch((error) => { - const { response } = error; - if (response.status === 404) { - dispatch(showErrorModal('staleSession')); - } - }); + return async (dispatch, getState) => { + try { + const response = await apiClient.get('/session'); + const state = getState(); + + if (state.user.username !== response.data.username) { + dispatch(showErrorModal('staleSession')); + } + } catch (error) { + if (error.response && error.response.status === 404) { + dispatch(showErrorModal('staleSession')); + } + } }; } diff --git a/server/controllers/session.controller.js b/server/controllers/session.controller.js index 6604dcdc69..968b95a8c3 100644 --- a/server/controllers/session.controller.js +++ b/server/controllers/session.controller.js 
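Review bot: The `catch` in `validateSession` still reacts only to a 404, while the `getSession` change in this same patch stops sending 404: a missing session becomes a 200 and a banned user a 403. A banned user therefore lands in the `catch` with status 403 and no `staleSession` modal is dispatched, whereas the old server code answered 404 for that case and the modal was shown. I would handle both, `if (error.response?.status === 403 || error.response?.status === 404) {`, and add a comment stating that every other failure is ignored on purpose, since the rewritten `catch` otherwise swallows it silently.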
@@ -24,10 +24,16 @@ export function createSession(req, res, next) { } export function getSession(req, res) { - if (req.user && !req.user.banned) { - return res.json(userResponse(req.user)); + if (!req.user) { + return res + .status(200) + .send({ message: 'Session does not exist.', user: null }); } - return res.status(404).send({ message: 'Session does not exist' }); + if (req.user.banned) { + return res.status(403).send({ message: 'Forbidden: User is banned.' }); + } + + return res.json(userResponse(req.user)); } export function destroySession(req, res, next) { @@ -41,6 +47,7 @@ export function destroySession(req, res, next) { next(error); return; } + res.clearCookie('connect.sid'); res.json({ success: true }); }); }); From b7daa88de32d396d6d23dc8331c408920e98331a Mon Sep 17 00:00:00 2001 From: raclim Date: Wed, 24 Apr 2024 17:00:36 -0400 Subject: [PATCH 4/7] remove clearCookie, affects cookie-consent --- server/controllers/session.controller.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/controllers/session.controller.js b/server/controllers/session.controller.js index 968b95a8c3..a70fb8d70e 100644 --- a/server/controllers/session.controller.js +++ b/server/controllers/session.controller.js @@ -47,7 +47,7 @@ export function destroySession(req, res, next) { next(error); return; } - res.clearCookie('connect.sid'); + res.json({ success: true }); }); }); From 3ee82586af6560cfc6b1e1551454960be7096208 Mon Sep 17 00:00:00 2001 From: raclim Date: Wed, 24 Apr 2024 18:04:01 -0400 Subject: [PATCH 5/7] remove null value for user in getSession response --- server/controllers/session.controller.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/server/controllers/session.controller.js b/server/controllers/session.controller.js index a70fb8d70e..b1e319a450 100644 --- a/server/controllers/session.controller.js +++ b/server/controllers/session.controller.js 
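Review bot: The new 403 branch in `getSession` reports the ban but leaves the banned user's session in place, so the session cookie keeps resolving to `req.user` on every later request. Whether the other authenticated routes check `req.user.banned` is not visible from this hunk; if they do not, this branch is where the session should be ended as well as refused. At minimum I would state the expectation above the branch, for example `// A banned user keeps a live session; routes that act on req.user must check banned themselves.`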
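Review bot: With `res.clearCookie('connect.sid')` taken out again in PATCH 4/7, `destroySession` no longer expires the session cookie in the browser, and logout depends entirely on the server-side destroy that surrounds this hunk (its callbacks start outside the visible lines) to invalidate the id. The commit subject says the call affected cookie-consent, but nothing in the code records that, so the line is likely to be re-added later. I would replace the blank line this patch leaves behind with a comment such as `// connect.sid is deliberately not cleared here: doing so broke cookie consent; the server-side session is destroyed above.`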
@@ -25,9 +25,7 @@ export function createSession(req, res, next) { export function getSession(req, res) { if (!req.user) { - return res - .status(200) - .send({ message: 'Session does not exist.', user: null }); + return res.status(200).send({ message: 'Session does not exist.' }); } if (req.user.banned) { return res.status(403).send({ message: 'Forbidden: User is banned.' }); From ce2e83a06a8d916e608322ec8dd066cacdf7d8b8 Mon Sep 17 00:00:00 2001 From: raclim Date: Wed, 24 Apr 2024 20:11:13 -0400 Subject: [PATCH 6/7] exit getUser if user session doesn't exist --- client/modules/User/actions.js | 5 +++++ server/controllers/session.controller.js | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/client/modules/User/actions.js b/client/modules/User/actions.js index b62943c627..8124e9ec7f 100644 --- a/client/modules/User/actions.js +++ b/client/modules/User/actions.js @@ -96,6 +96,11 @@ export function getUser() { const response = await apiClient.get('/session'); const { data } = response; + // If data.user is null, undefined, or not present + if (!data?.user) { + return; + } + dispatch(authenticateUser(data)); dispatch({ type: ActionTypes.SET_PREFERENCES, diff --git a/server/controllers/session.controller.js b/server/controllers/session.controller.js index b1e319a450..8d6b61198b 100644 --- a/server/controllers/session.controller.js +++ b/server/controllers/session.controller.js @@ -25,7 +25,7 @@ export function createSession(req, res, next) { export function getSession(req, res) { if (!req.user) { - return res.status(200).send({ message: 'Session does not exist.' }); + return res.status(200).send({ user: null }); } if (req.user.banned) { return res.status(403).send({ message: 'Forbidden: User is banned.' }); From bf324afb1cace0c5b9e5a535756a35667b88491e Mon Sep 17 00:00:00 2001 
From: raclim Date: Wed, 24 Apr 2024 20:30:27 -0400 Subject: [PATCH 7/7] only specify if data.user is null, remove extra space --- client/modules/User/actions.js | 3 +-- server/controllers/session.controller.js | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/client/modules/User/actions.js b/client/modules/User/actions.js index 8124e9ec7f..ec348ae735 100644 --- a/client/modules/User/actions.js +++ b/client/modules/User/actions.js @@ -96,8 +96,7 @@ export function getUser() { const response = await apiClient.get('/session'); const { data } = response; - // If data.user is null, undefined, or not present - if (!data?.user) { + if (data?.user === null) { return; } diff --git a/server/controllers/session.controller.js b/server/controllers/session.controller.js index 8d6b61198b..173e9e9834 100644 --- a/server/controllers/session.controller.js +++ b/server/controllers/session.controller.js @@ -45,7 +45,6 @@ export function destroySession(req, res, next) { next(error); return; } - res.json({ success: true }); }); });
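Review bot: The guard `data?.user === null` in `getUser` works only because the two 200 bodies of `/session` have different shapes: `getSession` sends `{ user: null }` when there is no session and the bare `userResponse(req.user)` object otherwise, which is also why `validateSession` reads `response.data.username` directly. This patch deletes the only comment near the check, and if the server ever omits the key again (as the body in PATCH 5/7 did) the guard is skipped and `authenticateUser` is dispatched with a body that holds no user. I would put the contract back as a comment, `// GET /session answers 200 { user: null } when signed out; a signed-in response is the user object itself.`, here and above the matching branch in `getSession`. The rest of `getUser`, including how it handles the new 403 for banned users, is outside the hunk.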