diff --git a/routes/login.js b/routes/login.js
index c690c7cb..d95b2012 100644
--- a/routes/login.js
+++ b/routes/login.js
@@ -24,8 +24,8 @@ router
 }
 })
 .post(async (request, response) => {
- const userName = request.body.userName;
- const passwordPlain = request.body.password;
+ const userName = (typeof request.body.userName === "string" ? request.body.userName : "");
+ const passwordPlain = (typeof request.body.password === "string" ? request.body.password : "");
 const unsafeRedirectURL = request.body.redirect;
 const redirectURL = authenticationFunctions.getSafeRedirectURL(typeof unsafeRedirectURL === "string" ? unsafeRedirectURL : "");
 let isAuthenticated = false;
@@ -37,7 +37,7 @@ router
 }
 }
 }
- else {
+ else if (userName !== "" && passwordPlain !== "") {
 isAuthenticated = await authenticationFunctions.authenticate(userName, passwordPlain);
 }
 let userObject;
@@ -52,12 +52,12 @@ router
 const canUpdate = configFunctions
 .getProperty("users.canUpdate")
 .some((currentUserName) => {
- return (userNameLowerCase === currentUserName.toLowerCase());
+ return userNameLowerCase === currentUserName.toLowerCase();
 });
 const isAdmin = configFunctions
 .getProperty("users.isAdmin")
 .some((currentUserName) => {
- return (userNameLowerCase === currentUserName.toLowerCase());
+ return userNameLowerCase === currentUserName.toLowerCase();
 });
 const apiKey = await getApiKey(userNameLowerCase);
 userObject = {
diff --git a/routes/login.ts b/routes/login.ts
index e33436ce..3039f8e8 100644
--- a/routes/login.ts
+++ b/routes/login.ts
@@ -19,8 +19,7 @@ export const router = Router();
 router
 .route("/")
 .get((request, response) => {
- const sessionCookieName =
- configFunctions.getProperty("session.cookieName");
+ const sessionCookieName = configFunctions.getProperty("session.cookieName");
 if (request.session.user && request.cookies[sessionCookieName]) {
 const redirectURL = authenticationFunctions.getSafeRedirectURL(
@@ -38,8 +37,13 @@ router
 }
 })
 .post(async (request, response) => {
- const userName = request.body.userName as string;
- const passwordPlain = request.body.password as string;
+ const userName = (
+ typeof request.body.userName === "string" ? request.body.userName : ""
+ ) as string;
+
+ const passwordPlain = (
+ typeof request.body.password === "string" ? request.body.password : ""
+ ) as string;
 const unsafeRedirectURL = request.body.redirect;
@@ -51,18 +55,15 @@ router
 if (userName.charAt(0) === "*") {
 if (useTestDatabases && userName === passwordPlain) {
-
- isAuthenticated = configFunctions.getProperty("users.testing").includes(userName);
-
- if (isAuthenticated) {
- debug("Authenticated testing user: " + userName);
- }
+ isAuthenticated = configFunctions.getProperty("users.testing").includes(userName);
+
+ if (isAuthenticated) {
+ debug("Authenticated testing user: " + userName);
+ }
 }
-
- } else {
-
+ } else if (userName !== "" && passwordPlain !== "") {
 isAuthenticated = await authenticationFunctions.authenticate(userName, passwordPlain);
- }
+ }
 let userObject: recordTypes.User;
@@ -79,17 +80,13 @@ router
 const canUpdate = configFunctions
 .getProperty("users.canUpdate")
 .some((currentUserName) => {
- return (
- userNameLowerCase === currentUserName.toLowerCase()
- );
+ return userNameLowerCase === currentUserName.toLowerCase();
 });
 const isAdmin = configFunctions
 .getProperty("users.isAdmin")
 .some((currentUserName) => {
- return (
- userNameLowerCase === currentUserName.toLowerCase()
- );
+ return userNameLowerCase === currentUserName.toLowerCase();
 });
 const apiKey = await getApiKey(userNameLowerCase);
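Review bot: The `as string` assertions wrapped around the new `userName` and `passwordPlain` initialisers in the `@@ -38,8 +37,13 @@` hunk are redundant once the `typeof` test is there, and an assertion is not checked by the compiler the way a declaration is. I would write `const userName: string = typeof request.body.userName === "string" ? request.body.userName : "";` and the same for `passwordPlain`. The compiled routes/login.js hunk shows the same string-or-empty test applied to `redirect`, so a small shared helper would keep the three in step. Neither value is length-bounded in the visible lines; if the body-parser limit is the only cap, a one-line comment saying so would help the next reader. The `.post` handler continues past the end of this hunk.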
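Review bot: The new `else if (userName !== "" && passwordPlain !== "")` guard in the `@@ -51,18 +55,15 @@` hunk has no comment marking it as a security check, so it reads like input tidying and could be dropped in a later cleanup. If `authenticationFunctions.authenticate` binds to a directory service (its implementation is outside this diff), an empty password may be accepted as an unauthenticated bind, which is the outcome this branch prevents; I would add `// Security: never send empty credentials to the backend; an empty-password bind may succeed anonymously.` above it. A whitespace-only user name still passes the test, so consider comparing `userName.trim()` if the backend ignores padding. The same guard appears in the routes/login.js hunk at `@@ -37,7 +37,7`, which looks like the compiled output of this file; the handler starts and ends outside this hunk.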