From 0bbfc626102aedfc96c6372e2ace62d8fec14fd9 Mon Sep 17 00:00:00 2001
From: Erik
Date: Wed, 22 Apr 2020 09:19:22 +0200
Subject: [PATCH 1/2] chore: add debug if unauthenticated
---
 server/src/routes/v1/apps/handlers/getSingleApp.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/src/routes/v1/apps/handlers/getSingleApp.js b/server/src/routes/v1/apps/handlers/getSingleApp.js
index 600d03317..93da04101 100644
--- a/server/src/routes/v1/apps/handlers/getSingleApp.js
+++ b/server/src/routes/v1/apps/handlers/getSingleApp.js
@@ -22,7 +22,6 @@ const {
 } = require('../../../../security')
 module.exports = {
- //unauthenticated endpoint returning the approved app for the specified appId
 method: 'GET',
 path: '/v1/apps/{appId}',
 config: {
@@ -59,6 +58,7 @@ module.exports = {
 appsUserCanEdit.map(app => app.app_id).indexOf(appId) !== -1
 } catch (err) {
 //no user on request
+ debug('No user in request')
 }
 if (canSeeAllApps(request) || isDeveloper) {
From b58d8bb2a772cb0642c42180d030836c90cd4652 Mon Sep 17 00:00:00 2001
From: Erik
Date: Wed, 22 Apr 2020 09:20:15 +0200
Subject: [PATCH 2/2] fix: handle downloads without auth
---
 server/src/routes/v1/apps/handlers/getAppFile.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/server/src/routes/v1/apps/handlers/getAppFile.js b/server/src/routes/v1/apps/handlers/getAppFile.js
index de3d088fc..840e41397 100644
--- a/server/src/routes/v1/apps/handlers/getAppFile.js
+++ b/server/src/routes/v1/apps/handlers/getAppFile.js
@@ -26,7 +26,13 @@ module.exports = {
 const knex = h.context.db
 const isAdmin = currentUserIsManager(request)
- const user = await getCurrentUserFromRequest(request)
+ let user = null
+ try {
+ user = await getCurrentUserFromRequest(request)
+ } catch (err) {
+ //no user in request, anonymous
+ debug('no user in request')
+ }
 debug('user:', user)
 debug('isAdmin:', isAdmin)
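Review bot: The new `debug('No user in request')` in the catch of getSingleApp.js (hunk at -59,6) states a cause the code has not checked: the catch receives every exception raised in the try, and the visible `appsUserCanEdit.map(...)` line suggests the try also covers the editable-apps lookup, so a failed lookup or a rejected credential would be logged as a missing user. Log the error itself, e.g. `debug('user lookup failed, treating request as anonymous:', err.message)`, so an authentication failure can be told apart from a genuinely anonymous request during triage. The same applies to the catch added in getAppFile.js in PATCH 2/2. The try block starts outside this hunk, so what else it covers cannot be confirmed from here.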
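Review bot: After this change `user` can be `null` for the rest of the getAppFile handler, and nothing in the hunk shows how the code below uses it; the download decision should fail closed, so an anonymous request is limited to files that are meant to be publicly downloadable. `isAdmin` is computed from the request before the try and independently of `user`, so it is worth confirming that `currentUserIsManager` returns false when no credentials are present. I would state the invariant next to the declaration, e.g. `let user = null // null = anonymous; only publicly downloadable files may be served`, and add a test that an unauthenticated request for a non-public file is refused. The handler body continues outside the hunk.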