only used userToken in db for request

razee-io · May 13, 2020 · d174bbe · d174bbe
1 parent dfa55fc
commit d174bbe
Showing 1 changed file with 2 additions and 29 deletions.
diff --git a/app/apollo/models/user.js b/app/apollo/models/user.js
@@ -23,45 +23,18 @@ const UserSchema = require(`./user.${AUTH_MODEL}.schema`);
 const _ = require('lodash');
 
 const loadMeFromUserToken = async function(userToken, models){
- let obj, userId, orgId;
- try {
- obj = jwt.decode(userToken);
- userId = obj.userId;
- orgId = obj.orgId;
- }catch(err){
- throw new AuthenticationError('Failed to parse userToken');
- }
- if(!userId){
- throw new AuthenticationError('No user id found in userToken');
- }
- const user = await this.findById(userId, {}, { lean:true });
+ const user = await this.findOne({ userToken }, {}, { lean:true });
  if(!user){
  throw new AuthenticationError('No user found for userToken');
  }
- const org = await models.Organization.findById(orgId);
- if(!org){
- throw new AuthenticationError('No org found for userToken');
- }
- const hasVerifiedToken = _.some(org.orgKeys, (orgKey)=>{
- try{
- jwt.verify(userToken, orgKey);
- return true;
- }
- catch(err){
- return false;
- }
- });
- if(!hasVerifiedToken){
- throw new AuthenticationError('userToken could not be verified');
- }
  return {
  type: 'userToken',
  user,
  };
 };
 
 const getMeFromConnectionParamsBase = UserSchema.statics.getMeFromConnectionParams;
-UserSchema.statics.getMeFromRequest = async function(...args){
+UserSchema.statics.getMeFromConnectionParams = async function(...args){
  const [req, {models}] = args;
  const userToken = req.get('userToken');