selfhosted
/
dashy
mirror of https://github.com/lissy93/dashy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

🔀 Merge pull request #896 from Cereal916/localStorageExploitFix 

Set user in localStorage when matching auth token is found. When chec…
This commit is contained in:
Alicia Sykes 2022-09-11 22:41:45 +01:00 committed by GitHub
parent ef59eb25f4 46420d4f15
commit 933fb9c4d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 21 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/utils/Auth.js
View File

@ -54,18 +54,20 @@ const generateUserToken = (user) => {
*/
export const isLoggedIn = () => {
const users = getUsers();
const validTokens = users.map((user) => generateUserToken(user));
let userAuthenticated = false;
document.cookie.split(';').forEach((cookie) => {
let userAuthenticated = document.cookie.split(';').some((cookie) => {
if (cookie && cookie.split('=').length > 1) {
const cookieKey = cookie.split('=')[0].trim();
const cookieValue = cookie.split('=')[1].trim();
if (cookieKey === cookieKeys.AUTH_TOKEN) {
if (validTokens.includes(cookieValue)) {
userAuthenticated = true;
}
}
}
userAuthenticated = users.some((user) => {
if (generateUserToken(user) === cookieValue) {
localStorage.setItem(localStorageKeys.USERNAME, user.user);
return true;
} else return false;
});
return userAuthenticated;
} else return false;
} else return false;
});
return userAuthenticated;
};
@ -159,10 +161,10 @@ export const getCurrentUser = () => {
* Checks if the user is viewing the dashboard as a guest
* Returns true if guest mode enabled, and user not logged in
* */
export const isLoggedInAsGuest = () => {
export const isLoggedInAsGuest = (currentUser) => {
const guestEnabled = isGuestAccessEnabled();
const notLoggedIn = !isLoggedIn();
return guestEnabled && notLoggedIn;
const loggedIn = isLoggedIn() && currentUser;
return guestEnabled && !loggedIn;
};
/**

5
src/utils/CheckItemVisibility.js
View File

@ -5,15 +5,14 @@
*/
// Import helper functions from auth, to get current user, and check if guest
import { getCurrentUser, isLoggedInAsGuest } from '@/utils/Auth';
import { getCurrentUser } from '@/utils/Auth';
import { isVisibleToUser } from '@/utils/IsVisibleToUser';
/* Putting it all together, the function to export */
export const checkItemVisibility = (item) => {
const currentUser = getCurrentUser(); // Get current user object
const isGuest = isLoggedInAsGuest(); // Check if current user is a guest
const displayData = item.displayData || {};
return isVisibleToUser(displayData, currentUser, isGuest);
return isVisibleToUser(displayData, currentUser);
};
export default checkItemVisibility;

5
src/utils/CheckSectionVisibility.js
View File

@ -5,16 +5,15 @@
*/
// Import helper functions from auth, to get current user, and check if guest
import { getCurrentUser, isLoggedInAsGuest } from '@/utils/Auth';
import { getCurrentUser } from '@/utils/Auth';
import { isVisibleToUser } from '@/utils/IsVisibleToUser';
/* Putting it all together, the function to export */
export const checkSectionVisibility = (sections) => {
const currentUser = getCurrentUser(); // Get current user object
const isGuest = isLoggedInAsGuest(); // Check if current user is a guest
return sections.filter((currentSection) => {
const displayData = currentSection.displayData || {};
return isVisibleToUser(displayData, currentUser, isGuest);
return isVisibleToUser(displayData, currentUser);
});
};

5
src/utils/IsVisibleToUser.js
View File

@ -6,6 +6,7 @@
// Import helper functions from auth, to get current user, and check if guest
import { localStorageKeys } from '@/utils/defaults';
import { isLoggedInAsGuest } from '@/utils/Auth';
/* Helper function, checks if a given testValue is found in the visibility list */
const determineVisibility = (visibilityList, testValue) => {
@ -25,7 +26,9 @@ const determineIntersection = (source = [], target = []) => {
/* Returns false if the displayData of a section/item
should not be rendered for the current user/ guest */
export const isVisibleToUser = (displayData, currentUser, isGuest) => {
export const isVisibleToUser = (displayData, currentUser) => {
const isGuest = isLoggedInAsGuest(currentUser); // Check if current user is a guest
// Checks if user explicitly has access to a certain section
const checkVisibility = () => {
if (!currentUser) return true;