fix(jwt): correct session validation
This commit is contained in:
parent
14cd81e4a8
commit
c2f1389a56
|
@ -467,7 +467,7 @@ App::setResource('user', function($mode, $project, $console, $request, $response
|
||||||
$user = $projectDB->getDocument($jwtUserId);
|
$user = $projectDB->getDocument($jwtUserId);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (empty($user->search('$id', $jwtSessionId, $user->getAttribute('tokens')))) { // Match JWT to active token
|
if (empty($user->search('$id', $jwtSessionId, $user->getAttribute('sessions')))) { // Match JWT to active token
|
||||||
$user = new Document(['$id' => '', '$collection' => Database::SYSTEM_COLLECTION_USERS]);
|
$user = new Document(['$id' => '', '$collection' => Database::SYSTEM_COLLECTION_USERS]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue