Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

issue 900 - fixed bug with allowing inactive users with a valid jwt t… #901

Open
wants to merge 2 commits into
base: master
from

Conversation

2 participants
@fourgates
Copy link

commented Jul 3, 2019

#900 - fixed bug with allowing inactive users with a valid jwt to continue viewing non-guest content. It has been documented in the wikijs issue.

This is my first Wiki.js PR and I have never used this stack before, so let me know if I am not following conventions. I used authentication\local\authentication.js as a reference on how to load a user.

@auto-assign auto-assign bot requested a review from NGPixel Jul 3, 2019

@fourgates fourgates marked this pull request as ready for review Jul 3, 2019

Show resolved Hide resolved server/core/auth.js Outdated
@NGPixel

This comment has been minimized.

Copy link
Member

commented Jul 14, 2019

Just noticed that this queries the DB on every request, which is a big no go. The check should ideally be done in the refreshToken() method of the users model. I'll make the necessary changes (unless you want to it).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.