From ecc56e7c0eb16e6eac9d08a513acad8d8e67320f Mon Sep 17 00:00:00 2001
From: florpor
Date: Sun, 20 Jun 2021 23:54:18 +0300
Subject: [PATCH] revert alert unsubscribe active session constraint

---
 server/api/controller/alert.js | 7 -------
 .../integration/controller/alert.test.js | 20 -------------------
 2 files changed, 27 deletions(-)

diff --git a/server/api/controller/alert.js b/server/api/controller/alert.js
index 7eaa8390..6c7ed94e 100644
--- a/server/api/controller/alert.js
+++ b/server/api/controller/alert.js
@@ -41,13 +41,6 @@ class AlertController extends Controller {
 // return successfully even if alert was not found since
 // it is probably already unsubscribed
 return null;
- } else if (fetchedModel.get('person_id') !== req.session.person.id) {
- Log.warn(
- 'unauthorized alert unsubscribe attempt:',
- fetchedModel.get('id'),
- req.session.person.id
- );
- return null;
 }

 Log.debug(
diff --git a/server/tests/integration/controller/alert.test.js b/server/tests/integration/controller/alert.test.js
index 0591cd05..1e7576bf 100644
--- a/server/tests/integration/controller/alert.test.js
+++ b/server/tests/integration/controller/alert.test.js
@@ -15,12 +15,6 @@ describe('Alert controller', function() {
 status: 1,
 id: 1
 };
- const person2 = {
- email: 'test2@meirim.org',
- password: 'xxxx',
- status: 1,
- id: 2
- };

 beforeEach(async function() {
 await mockDatabase.createTables(tables);
@@ -70,20 +64,6 @@ describe('Alert controller', function() {
 assert.isOk(alert);
 assert.isOk(alert.unsubsribeToken());

- // try to unsubscribe alert using a user who doesn't own the alert
- const failedReq = {
- params: {
- token: alert.unsubsribeToken()
- },
- session: {
- person: person2
- }
- };
-
- // request should fail and return null
- const failedRes = await alertController.unsubscribe(failedReq);
- assert.isNull(failedRes);
-
 // try to unsubscribe alert using the owning user
 const successReq = {
 params: {
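Review bot: With the owner comparison gone from the controller's unsubscribe path in `server/api/controller/alert.js`, the token in `req.params.token` is the only credential checked before the unsubscribe proceeds, so it has to be unguessable and bound to a single alert; how `unsubsribeToken()` derives it is not visible in this patch and should be confirmed. The remaining not-found branch deserves a comment that states this, for example `// no session is required here: the unsubscribe token is the only authorization`. The removed branch also held the only `Log.warn` for a caller whose session does not match the alert owner; when a session happens to be present, logging the mismatch without rejecting the request would keep that signal for detection. The method starts before and continues past the hunk, so anything it checks outside these lines is not covered by this note.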