Sanitize emitted auth events

Rémi de Juvigny 2022-12-16 12:18:07 +01:00
parent 46ac677b5b
commit 6c061e152b
3 changed files with 14 additions and 15 deletions


@ -103,7 +103,8 @@ const redirectWithAuth = (ctx) => {
const cookiesOptions = { httpOnly: false, secure: isProduction, overwrite: true };
strapi.eventHub.emit('admin.auth.success', { user, provider });
const sanitizedUser = getService('user').sanitizeUser(user);
strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });
ctx.cookies.set('jwtToken', jwt, cookiesOptions);
ctx.redirect(redirectUrls.success);
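Review bot: Nothing at the emit site records why the user has to be sanitized before `strapi.eventHub.emit`, so a later edit could pass the raw `user` again without it standing out in review; the same applies to the `provider: 'local'` emit in the third file section. I would add a comment above the `sanitizedUser` line, for example `// eventHub payloads reach every subscriber: emit only the sanitized user, never the raw record`. What `sanitizeUser` strips is not visible on this page, so it is worth confirming that it removes the password hash and any reset or registration tokens. `redirectWithAuth` starts and ends outside this hunk.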


@ -1,21 +1,18 @@
'use strict';
module.exports = function processEvent(strapi, name, ...args) {
const defaultGetPayload = (...args) => args[0];
const getAuthPayload = (...args) => ({
user: strapi.service('admin::user').sanitizeUser(args[0].user),
});
const getDefaultPayload = (...args) => args[0];
const eventMap = {
'entry.create': defaultGetPayload,
'entry.update': defaultGetPayload,
'entry.delete': defaultGetPayload,
'entry.publish': defaultGetPayload,
'entry.unpublish': defaultGetPayload,
'media.create': defaultGetPayload,
'media.update': defaultGetPayload,
'media.delete': defaultGetPayload,
'admin.auth.success': getAuthPayload,
'entry.create': getDefaultPayload,
'entry.update': getDefaultPayload,
'entry.delete': getDefaultPayload,
'entry.publish': getDefaultPayload,
'entry.unpublish': getDefaultPayload,
'media.create': getDefaultPayload,
'media.update': getDefaultPayload,
'media.delete': getDefaultPayload,
'admin.auth.success': getDefaultPayload,
};
const getPayload = eventMap[name];
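Review bot: With `'admin.auth.success'` now mapped to `getDefaultPayload`, this consumer forwards whatever the emitter sent, so an emit site that was not updated in this commit, or one added later, would put the full user record into the processed payload. Only two emit sites are changed on this page; whether others exist is not visible from here. Either keep a sanitizing mapper for this event as a second check, or state the contract on the map entry, for example `// emitters must pass an already-sanitized user; this handler does not strip fields`. `processEvent` continues past the end of this hunk.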


@ -32,7 +32,8 @@ module.exports = {
ctx.state.user = user;
strapi.eventHub.emit('admin.auth.success', { user, provider: 'local' });
const sanitizedUser = getService('user').sanitizeUser(user);
strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });
return next();
})(ctx, next);