This is an automated email from the ASF dual-hosted git repository.
akuznetsov pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push:
new 74aa337 Minor cleanup.
74aa337 is described below
commit 74aa3376a40030888f7fd8c57e018c60857ef046
Author: Alexey Kuznetsov <[email protected]>
AuthorDate: Mon Jan 14 18:40:36 2019 +0700
Minor cleanup.
---
modules/web-console/backend/app/configure.js | 4 ++++
modules/web-console/backend/package.json | 1 +
modules/web-console/backend/routes/profile.js | 2 +-
modules/web-console/backend/services/users.js | 9 +++++----
4 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/modules/web-console/backend/app/configure.js
b/modules/web-console/backend/app/configure.js
index a0e5190..ac71b74 100644
--- a/modules/web-console/backend/app/configure.js
+++ b/modules/web-console/backend/app/configure.js
@@ -25,6 +25,7 @@ const session = require('express-session');
const connectMongo = require('connect-mongo');
const passport = require('passport');
const passportSocketIo = require('passport.socketio');
+const mongoSanitize = require('express-mongo-sanitize');
// Fire me up!
@@ -50,6 +51,9 @@ module.exports.factory = function(settings, mongo, apis) {
app.use(bodyParser.json({limit: '50mb'}));
app.use(bodyParser.urlencoded({limit: '50mb', extended: true}));
+
+ app.use(mongoSanitize({replaceWith: '_'}));
+
app.use(session({
secret: settings.sessionSecret,
resave: false,
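Review bot: The `app.use(mongoSanitize({replaceWith: '_'}))` line has no comment, although its position matters: it must run after the two `bodyParser` calls so that `req.body` is populated, and before any route that passes request data into a Mongo query. A comment such as `// Rewrite '$' and '.' in request keys so client input cannot inject MongoDB query operators; keep after the body parsers and before the routes.` would stop a later reordering from silently disabling it. With `replaceWith: '_'` the offending keys are renamed rather than dropped, so they still reach handlers and possibly the database under a new name. Omitting the option removes them instead, which may be the safer choice if nothing depends on the renamed keys. The middleware only sees Express requests, so whether the socket.io handlers behind `passportSocketIo` feed client data into queries is not visible here and needs a separate check.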
diff --git a/modules/web-console/backend/package.json
b/modules/web-console/backend/package.json
index 4399ae7..9d1918e 100644
--- a/modules/web-console/backend/package.json
+++ b/modules/web-console/backend/package.json
@@ -52,6 +52,7 @@
"connect-mongo": "1.3.2",
"cookie-parser": "1.4.3",
"express": "4.15.3",
+ "express-mongo-sanitize": "1.3.2",
"express-session": "1.15.4",
"fire-up": "1.0.0",
"glob": "7.1.2",
diff --git a/modules/web-console/backend/routes/profile.js
b/modules/web-console/backend/routes/profile.js
index 0ce2656..79fb3de 100644
--- a/modules/web-console/backend/routes/profile.js
+++ b/modules/web-console/backend/routes/profile.js
@@ -43,7 +43,7 @@ module.exports.factory = function(mongo, usersService) {
if (req.body.password && _.isEmpty(req.body.password))
return res.status(500).send('Wrong value for new password!');
- usersService.save(req.body)
+ usersService.save(req.user._id, req.body)
.then((user) => {
const becomeUsed = req.session.viewedUser &&
req.user.admin;
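Review bot: The password guard just above the changed call, `req.body.password && _.isEmpty(req.body.password)`, cannot fire for any string, because an empty string fails the first operand and a non-empty one fails `_.isEmpty`. It rejects only values such as `{}`, `[]` or a number, while a non-empty object or array still reaches `usersService.save` as the new password. An explicit type check states the intent, and 400 fits a client error better than 500: `if (req.body.password && !_.isString(req.body.password))` followed by `return res.status(400).send('Wrong value for new password!');`. The route handler starts and ends outside this hunk.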
diff --git a/modules/web-console/backend/services/users.js
b/modules/web-console/backend/services/users.js
index ed844db..ecfdc0b 100644
--- a/modules/web-console/backend/services/users.js
+++ b/modules/web-console/backend/services/users.js
@@ -76,7 +76,7 @@ module.exports.factory = (errors, settings, mongo,
spacesService, mailsService,
})
.then((registered) => {
return mongo.Space.create({name: 'Personal space', owner:
registered._id})
- .then(() => registered)
+ .then(() => registered);
})
.then((registered) => {
if (settings.activation.enabled) {
@@ -102,16 +102,17 @@ module.exports.factory = (errors, settings, mongo,
spacesService, mailsService,
/**
* Save user.
*
- * @param {Object} changed - The user
+ * @param userId User ID.
+ * @param {Object} changed Changed user.
* @returns {Promise.<mongo.ObjectId>} that resolves account id of
merge operation.
*/
- static save(changed) {
+ static save(userId, changed) {
delete changed.admin;
delete changed.activated;
delete changed.activationSentAt;
delete changed.activationToken;
- return mongo.Account.findById(changed._id).exec()
+ return mongo.Account.findById(userId).exec()
.then((user) => {
if (!changed.password)
return Promise.resolve(user);
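Review bot: `save` still filters `changed` with a deny-list of four `delete` statements, and `changed._id` is no longer used by the lookup but remains on the object. How `changed` is merged into `user` lies outside this hunk. If that merge copies arbitrary keys, a client-supplied `_id` or any sensitive field missing from the list would be written to the account. Adding `delete changed._id;`, or better, copying only the editable fields into a fresh object, would close that gap and stop mutating the caller's `req.body`. The new JSDoc line also lacks a type; assuming `req.user._id` is an ObjectId, `@param {mongo.ObjectId} userId - ID of the authenticated account to update, never taken from the request body.` would record why the parameter exists.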