Skip to content
Snippets Groups Projects
Commit e7dd4b86 authored by Gabriel Engel's avatar Gabriel Engel Committed by GitHub
Browse files

Merge pull request #6904 from abrom/fix-is-user-from-params 

[FIX] Bugs in `isUserFromParams` helper
parents 3fdd0aad 8d3852d7
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
packages/rocketchat-api/server/v1/helpers/getUserFromParams.js
+ 13
16
View file @ e7dd4b86
......@@ -2,32 +2,29 @@
RocketChat.API.v1.helperMethods.set('getUserFromParams', function _getUserFromParams() {
const doesntExist = { _doesntExist: true };
let user;
let params;
switch (this.request.method) {
case 'POST':
case 'PUT':
if (this.bodyParams.userId && this.bodyParams.userId.trim()) {
user = RocketChat.models.Users.findOneById(this.bodyParams.userId) || doesntExist;
} else if (this.bodyParams.username && this.bodyParams.username.trim()) {
user = RocketChat.models.Users.findOneByUsername(this.bodyParams.username) || doesntExist;
} else if (this.bodyParams.user && this.bodyParams.user.trim()) {
user = RocketChat.models.Users.findOneByUsername(this.bodyParams.user) || doesntExist;
}
params = this.bodyParams;
break;
default:
if (this.queryParams.userId && this.queryParams.userId.trim()) {
user = RocketChat.models.Users.findOneById(this.queryParams.userId) || doesntExist;
} else if (this.queryParams.username && this.queryParams.username.trim()) {
user = RocketChat.models.Users.findOneByUsername(this.queryParams.username) || doesntExist;
} else if (this.queryParams.user && this.queryParams.user.trim()) {
user = RocketChat.models.Users.findOneByUsername(this.queryParams.user) || doesntExist;
}
params = this.queryParams;
break;
}
if (!user) {
if (params.userId && params.userId.trim()) {
user = RocketChat.models.Users.findOneById(params.userId) || doesntExist;
} else if (params.username && params.username.trim()) {
user = RocketChat.models.Users.findOneByUsername(params.username) || doesntExist;
} else if (params.user && params.user.trim()) {
user = RocketChat.models.Users.findOneByUsername(params.user) || doesntExist;
} else {
throw new Meteor.Error('error-user-param-not-provided', 'The required "userId" or "username" param was not provided');
} else if (user._doesntExist) {
}
if (user._doesntExist) {
throw new Meteor.Error('error-invalid-user', 'The required "userId" or "username" param provided does not match any users');
}
......
packages/rocketchat-api/server/v1/helpers/isUserFromParams.js
+ 16
3
View file @ e7dd4b86
RocketChat.API.v1.helperMethods.set('isUserFromParams', function _isUserFromParams() {
return (this.queryParams.userId && this.userId === this.queryParams.userId) ||
(this.queryParams.username && this.user.username === this.queryParams.username) ||
(this.queryParams.user && this.user.username === this.queryParams.user);
let params;
switch (this.request.method) {
case 'POST':
case 'PUT':
params = this.bodyParams;
break;
default:
params = this.queryParams;
break;
}
return (!params.userId && !params.username && !params.user) ||
(params.userId && this.userId === params.userId) ||
(params.username && this.user.username === params.username) ||
(params.user && this.user.username === params.user);
});
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment