Merge branch 'hotfix-0.2.48'

hackforla · Jul 12, 2023 · 0c0931e · 0c0931e
2 parents 9797bdb + a2c733d
commit 0c0931e
Show file tree

Hide file tree

Showing 7 changed files with 37 additions and 30 deletions.
diff --git a/client/package.json b/client/package.json
@@ -1,6 +1,6 @@
 {
   "name": "tdm-calculator-client",
-  "version": "0.2.47",
+  "version": "0.2.48",
   "private": true,
   "proxy": "http://localhost:5001",
   "scripts": {

diff --git a/client/public/IDORAtttack.pdf b/client/public/IDORAtttack.pdf
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "root",
-  "version": "0.2.47",
+  "version": "0.2.48",
   "private": true,
   "scripts": {
     "release-notes": "gren release --override",

diff --git a/server/app/controllers/account.controller.js b/server/app/controllers/account.controller.js
@@ -22,15 +22,22 @@ const getAll = async (req, res) => {
   }
 };
 
-const getById = async (req, res) => {
-  try {
-    const { id } = req.params;
-    const response = await accountService.selectById(id);
-    res.send(response);
-  } catch (err) {
-    res.status("500").json({ error: err.toString() });
-  }
-};
+// const getById = async (req, res) => {
+//   try {
+//     const { id } = Number(req.params);
+//     const user = req.user;
+//     // Only allow if request is for account info of current user
+//     // or current user is Admin or SecurityAdmin
+//     if (id !== user.id && !user.isAdmin && !user.isSecurityAdmin) {
+//       res.sendStatus("401");
+//     } else {
+//       const response = await accountService.selectById(id);
+//       res.send(response);
+//     }
+//   } catch (err) {
+//     res.status("500").json({ error: err.toString() });
+//   }
+// };
 
 const getByEmail = async (req, res) => {
   try {
@@ -147,7 +154,7 @@ const remove = async (req, res) => {
 
 module.exports = {
   getAll,
-  getById,
+  // getById,
   getByEmail,
   register: [
     validate({ body: accountRegisterSchema }),

diff --git a/server/app/routes/account.routes.js b/server/app/routes/account.routes.js
@@ -2,7 +2,7 @@ const router = require("express").Router();
 const accountController = require("../controllers/account.controller");
 const jwtSession = require("../../middleware/jwt-session");
 
-router.get("/:id", jwtSession.validateUser, accountController.getById);
+// router.get("/:id", jwtSession.validateUser, accountController.getById);
 router.get(
   "/",
   jwtSession.validateRoles(["isSecurityAdmin"]),

diff --git a/server/app/services/account.service.js b/server/app/services/account.service.js
@@ -23,21 +23,21 @@ const selectAll = async () => {
   }
 };
 
-const selectById = async id => {
-  try {
-    await poolConnect;
-    const request = pool.request();
-    request.input("Id", mssql.Int, id);
-
-    const response = await request.execute("Login_SelectById");
-    if (response.recordset && response.recordset.length > 0) {
-      return response.recordset[0];
-    }
-    return null;
-  } catch (err) {
-    return Promise.reject(err);
-  }
-};
+// const selectById = async id => {
+//   try {
+//     await poolConnect;
+//     const request = pool.request();
+//     request.input("Id", mssql.Int, id);
+
+//     const response = await request.execute("Login_SelectById");
+//     if (response.recordset && response.recordset.length > 0) {
+//       return response.recordset[0];
+//     }
+//     return null;
+//   } catch (err) {
+//     return Promise.reject(err);
+//   }
+// };
 
 const selectByEmail = async email => {
   try {
@@ -412,7 +412,7 @@ async function hashPassword(user) {
 
 module.exports = {
   selectAll,
-  selectById,
+  // selectById,
   register,
   updateAccount,
   confirmRegistration,

diff --git a/server/package.json b/server/package.json
@@ -1,6 +1,6 @@
 {
   "name": "tdm-calculator-api",
-  "version": "0.2.47",
+  "version": "0.2.48",
   "description": "Traffic Data Management Calculator",
   "repository": {
     "type": "git",