From 28a7282a8b7145f70d37273fef8e75fb9e793135 Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Thu, 13 May 2021 14:17:04 +0100 Subject: [PATCH] Fixing userId storage to redis and making sure lockedBy property never stored. --- packages/server/src/api/controllers/application.js | 9 +++++++++ packages/server/src/utilities/redis.js | 4 +++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/packages/server/src/api/controllers/application.js b/packages/server/src/api/controllers/application.js index 906256208c..306535c087 100644 --- a/packages/server/src/api/controllers/application.js +++ b/packages/server/src/api/controllers/application.js @@ -138,6 +138,9 @@ exports.fetch = async function (ctx) { const lock = locks.find(lock => lock.appId === app._id) if (lock) { app.lockedBy = lock.user + } else { + // make sure its definitely not present + delete app.lockedBy } } } @@ -222,6 +225,12 @@ exports.update = async function (ctx) { const data = ctx.request.body const newData = { ...application, ...data, url } + // the locked by property is attached by server but generated from + // Redis, shouldn't ever store it + if (newData.lockedBy) { + delete newData.lockedBy + } + const response = await db.put(newData) data._rev = response.rev diff --git a/packages/server/src/utilities/redis.js b/packages/server/src/utilities/redis.js index 6664bb2072..74af76e276 100644 --- a/packages/server/src/utilities/redis.js +++ b/packages/server/src/utilities/redis.js @@ -32,9 +32,11 @@ exports.getAllLocks = async () => { exports.updateLock = async (devAppId, user) => { // make sure always global user ID + const globalId = getGlobalIDFromUserMetadataID(user._id) const inputUser = { ...user, - _id: getGlobalIDFromUserMetadataID(user._id), + userId: globalId, + _id: globalId, } await devAppClient.store(devAppId, inputUser, APP_DEV_LOCK_SECONDS) }