Fix infinite login

2025-09-02 13:23:12 +00:00 · 2018-01-18 11:13:44 +01:00 · 2018-01-18 11:13:44 +01:00 · fa8976c98f
commit fa8976c98f
parent b84976fbbd
3 changed files with 4 additions and 4 deletions
--- a/packages/strapi-plugin-users-permissions/config/policies/permissions.js
+++ b/packages/strapi-plugin-users-permissions/config/policies/permissions.js
@ -3,9 +3,9 @@ module.exports = async (ctx, next) => {

  if (ctx.request && ctx.request.header && ctx.request.header.authorization) {
    try {
-      const token = await strapi.plugins['users-permissions'].services.jwt.getToken(ctx);
+      const { _id, id } = await strapi.plugins['users-permissions'].services.jwt.getToken(ctx);

-      ctx.state.user = await strapi.query('user', 'users-permissions').findOne({ _id, id } = token, ['role'])
+      ctx.state.user = await strapi.query('user', 'users-permissions').findOne({ _id, id }, ['role']);
    } catch (err) {
      return ctx.unauthorized(err);
    }
--- a/packages/strapi-plugin-users-permissions/config/queries/mongoose.js
+++ b/packages/strapi-plugin-users-permissions/config/queries/mongoose.js
@ -23,7 +23,7 @@ module.exports = {
    } else if (params.id) {
      delete params.id;
    }
-
+    
    return this
      .findOne(params)
      .populate(populate || this.associations.map(x => x.alias).join(' '));
--- a/packages/strapi-plugin-users-permissions/controllers/User.js
+++ b/packages/strapi-plugin-users-permissions/controllers/User.js
@ -39,7 +39,7 @@ module.exports = {
    if (!user) {
      return ctx.badRequest(null, [{ messages: [{ id: 'No authorization header was found' }] }]);
    }
-    
+
    const data = _.omit(user.toJSON ? user.toJSON() : user, ['password', 'resetPasswordToken']);

    // Send 200 `ok`