check user state
parent
617f521708
commit
c1804a3663
|
|
@ -46,7 +46,6 @@ export async function AddEmployee(req: Request, res: Response) {
|
|||
if (
|
||||
!storeId ||
|
||||
!username ||
|
||||
!email ||
|
||||
passwordSetOnInitLogging === undefined ||
|
||||
(!password && passwordSetOnInitLogging === false) ||
|
||||
!language ||
|
||||
|
|
@ -107,9 +106,17 @@ export async function AddEmployee(req: Request, res: Response) {
|
|||
|
||||
// validate username and email
|
||||
|
||||
if (!isUsernameValid(username)) {
|
||||
return res.status(400).send({ err: "invalid request" });
|
||||
}
|
||||
|
||||
// only validate email if it is provided
|
||||
if (email !== undefined && email.length > 0) {
|
||||
email = email.toLowerCase();
|
||||
|
||||
if (!isUsernameValid(username) || !(await isEmailValid(email))) {
|
||||
console.log("email", email);
|
||||
|
||||
if (!(await isEmailValid(email))) {
|
||||
return res.status(400).send({ err: "invalid request" });
|
||||
}
|
||||
|
||||
|
|
@ -124,6 +131,9 @@ export async function AddEmployee(req: Request, res: Response) {
|
|||
if (existingUser) {
|
||||
return res.status(400).send({ err: "invalid request" });
|
||||
}
|
||||
} else {
|
||||
email = "";
|
||||
}
|
||||
|
||||
// create user
|
||||
|
||||
|
|
@ -362,6 +372,11 @@ export async function UpdateEmployee(req: Request, res: Response) {
|
|||
...update,
|
||||
email: email,
|
||||
};
|
||||
} else {
|
||||
update = {
|
||||
...update,
|
||||
email: "",
|
||||
};
|
||||
}
|
||||
|
||||
if (username) {
|
||||
|
|
|
|||
|
|
@ -1,5 +1,8 @@
|
|||
import { Request } from "express";
|
||||
import { getUserSession } from "../utils/utils";
|
||||
import User from "../models/user";
|
||||
import { ACCOUNT_STATE } from "../utils/constants";
|
||||
import { userLogger } from "../logger/logger";
|
||||
|
||||
export async function sessionProtection(req: Request, res: any, next: any) {
|
||||
const session = await getUserSession(req);
|
||||
|
|
@ -14,5 +17,26 @@ export async function sessionProtection(req: Request, res: any, next: any) {
|
|||
return res.status(401).send({ err: "unauthorized" });
|
||||
}
|
||||
|
||||
// check if user is active
|
||||
const user = await User.findOne({
|
||||
where: {
|
||||
user_id: session.user_id,
|
||||
},
|
||||
attributes: ["state"],
|
||||
});
|
||||
|
||||
if (!user) {
|
||||
return res.status(401).send({ err: "unauthorized" });
|
||||
}
|
||||
|
||||
if (user.state !== ACCOUNT_STATE.ACTIVE) {
|
||||
userLogger.info(
|
||||
session.user_id,
|
||||
"GetUser logout due to account state",
|
||||
user.state.toString()
|
||||
);
|
||||
return res.status(401).send({ err: "unauthorized" });
|
||||
}
|
||||
|
||||
next();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ User.init(
|
|||
},
|
||||
email: {
|
||||
type: DataTypes.STRING,
|
||||
unique: true,
|
||||
// allowNull defaults to true
|
||||
},
|
||||
username: {
|
||||
type: DataTypes.STRING,
|
||||
|
|
|
|||
Loading…
Reference in New Issue