
fix(users.getData): Able to filter by blacklisted properties

Owen Diffey 3 years ago
parent
commit
f9d26843aa
1 changed files with 17 additions and 20 deletions
  1. 17 20
      backend/logic/actions/users.js

+ 17 - 20
backend/logic/actions/users.js

@@ -182,12 +182,28 @@ export default {
 	 */
 	getData: isAdminRequired(async function getSet(session, page, pageSize, properties, sort, queries, operator, cb) {
 		const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
+		const blacklistedProperties = [
+			"services.password.password",
+			"services.password.reset.code",
+			"services.password.reset.expires",
+			"services.password.set.code",
+			"services.password.set.expires",
+			"services.github.access_token",
+			"email.verificationToken"
+		];
 
 		async.waterfall(
 			[
 				// Creates pipeline array
 				next => next(null, []),
 
+				// If a query filter property is blacklisted throw error
+				(pipeline, next) => {
+					if (queries.filter(query => blacklistedProperties.includes(query.filter.property)).length > 0)
+						return next("Unable to filter by blacklisted property.");
+					return next(null, pipeline);
+				},
+
 				// If a filter or property exists for hasPassword, add hasPassword property to all documents
 				(pipeline, next) => {
 					// Check if a filter with the hasPassword property exists
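Review bot: The new blacklist step only inspects `queries[].filter.property`, but `sort` (a parameter of `getSet` on the same line as the new check) is not checked, so a caller could still sort by a blacklisted path such as a password hash or reset code and learn ordering information that the later `$project` exclusion does not hide. The shape of `sort` is not visible in this hunk; assuming it is a field-to-direction object, the check could become `if (queries.some(query => blacklistedProperties.includes(query.filter?.property)) || Object.keys(sort ?? {}).some(key => blacklistedProperties.includes(key)))`. Using `some` also replaces the `filter(...).length > 0` idiom and the optional chain keeps a query without a `filter` from throwing inside the waterfall instead of reaching `next`. The `getData` body continues past the end of this hunk.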
@@ -279,28 +295,9 @@ export default {
 				// Adds second project stage to aggregation pipeline, responsible for excluding some specific properties
 				(pipeline, next) => {
 					pipeline.push({
-						$project: {
-							"services.password.password": 0,
-							"services.password.reset.code": 0,
-							"services.password.reset.expires": 0,
-							"services.password.set.code": 0,
-							"services.password.set.expires": 0,
-							"services.github.access_token": 0,
-							"email.verificationToken": 0
-						}
+						$project: Object.fromEntries(blacklistedProperties.map(property => [property, 0]))
 					});
 
-					// [
-					// 	"services.password",
-					// 	"services.password.password",
-					// 	"services.password.reset.code",
-					// 	"services.password.reset.expires",
-					// 	"services.password.set.code",
-					// 	"services.password.set.expires",
-					// 	"services.github.access_token",
-					// 	"services.email.verificationToken"
-					// ]
-
 					next(null, pipeline);
 				},