From d174bbebec7da25b17f26b77ef39872dd957dacf Mon Sep 17 00:00:00 2001
From: Ryan Graham
Date: Wed, 13 May 2020 09:43:32 -0400
Subject: [PATCH] only used userToken in db for request
---
 app/apollo/models/user.js | 31 ++-----------------------------
 1 file changed, 2 insertions(+), 29 deletions(-)
diff --git a/app/apollo/models/user.js b/app/apollo/models/user.js
index 4823e2a5e..fa0656def 100644
--- a/app/apollo/models/user.js
+++ b/app/apollo/models/user.js
@@ -23,37 +23,10 @@ const UserSchema = require(`./user.${AUTH_MODEL}.schema`);
 const _ = require('lodash');
 const loadMeFromUserToken = async function(userToken, models){
- let obj, userId, orgId;
- try {
- obj = jwt.decode(userToken);
- userId = obj.userId;
- orgId = obj.orgId;
- }catch(err){
- throw new AuthenticationError('Failed to parse userToken');
- }
- if(!userId){
- throw new AuthenticationError('No user id found in userToken');
- }
- const user = await this.findById(userId, {}, { lean:true });
+ const user = await this.findOne({ userToken }, {}, { lean:true });
 if(!user){
 throw new AuthenticationError('No user found for userToken');
 }
- const org = await models.Organization.findById(orgId);
- if(!org){
- throw new AuthenticationError('No org found for userToken');
- }
- const hasVerifiedToken = _.some(org.orgKeys, (orgKey)=>{
- try{
- jwt.verify(userToken, orgKey);
- return true;
- }
- catch(err){
- return false;
- }
- });
- if(!hasVerifiedToken){
- throw new AuthenticationError('userToken could not be verified');
- }
 return {
 type: 'userToken',
 user,
@@ -61,7 +34,7 @@ const loadMeFromUserToken = async function(userToken, models){
 };
 const getMeFromConnectionParamsBase = UserSchema.statics.getMeFromConnectionParams;
-UserSchema.statics.getMeFromRequest = async function(...args){
+UserSchema.statics.getMeFromConnectionParams = async function(...args){
 const [req, {models}] = args;
 const userToken = req.get('userToken');
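Review bot: The new `this.findOne({ userToken }, {}, { lean:true })` lookup in `loadMeFromUserToken` runs without first checking that `userToken` is a non-empty string, and with the `jwt.verify` loop removed this lookup is the only authentication check left in the function. If a caller ever passes `undefined` or a non-string value (the callers are outside this hunk, so this is unverified), the filter may be cast to a null match or be read as a query object, and could then match a user record that has no token stored; a guard such as `if(typeof userToken !== 'string' || !userToken){ throw new AuthenticationError('No userToken provided'); }` before the query would rule that out. Dropping verification also means any expiry claim carried in the token is no longer enforced and the stored value acts as a long-lived bearer secret, so revocation and rotation now depend entirely on the database field; a short comment stating that this is intended would help the next reader. The `models` parameter is unused in the visible new lines, and the function's closing lines fall outside this hunk.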