revert alert unsubscribe active session constraint

meirim-org · Jun 20, 2021 · ecc56e7 · ecc56e7
1 parent 05ca721
commit ecc56e7
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 27 deletions.
diff --git a/server/api/controller/alert.js b/server/api/controller/alert.js
@@ -41,13 +41,6 @@ class AlertController extends Controller {
 					// return successfully even if alert was not found since
 					// it is probably already unsubscribed
 					return null;
-				} else if (fetchedModel.get('person_id') !== req.session.person.id) {
-					Log.warn(
-						'unauthorized alert unsubscribe attempt:',
-						fetchedModel.get('id'),
-						req.session.person.id
-					);
-					return null;
 				}
 
 				Log.debug(

diff --git a/server/tests/integration/controller/alert.test.js b/server/tests/integration/controller/alert.test.js
@@ -15,12 +15,6 @@ describe('Alert controller', function() {
 		status: 1,
 		id: 1
 	};
-	const person2 = {
-		email: 'test2@meirim.org',
-		password: 'xxxx',
-		status: 1,
-		id: 2
-	};
 
 	beforeEach(async function() {
 		await mockDatabase.createTables(tables);
@@ -70,20 +64,6 @@ describe('Alert controller', function() {
 		assert.isOk(alert);
 		assert.isOk(alert.unsubsribeToken());
 
-		// try to unsubscribe alert using a user who doesn't own the alert
-		const failedReq = {
-			params: {
-				token: alert.unsubsribeToken()
-			},
-			session: {
-				person: person2
-			}
-		};
-
-		// request should fail and return null
-		const failedRes = await alertController.unsubscribe(failedReq);
-		assert.isNull(failedRes);
-
 		// try to unsubscribe alert using the owning user
 		const successReq = {
 			params: {