
Fixes wrong setting of privateKey when creating a quiz as a logged in user.

parent f826429c
const jwt = require('jsonwebtoken');
module.exports = {
async up(db, client) {
const quizzes = await db.collection('quizzes').find({privateKey: /bearer /i}).toArray();
if (!quizzes.length) {
return;
}
await Promise.all(quizzes.map(async quiz => {
const privateKey = jwt.verify(
quiz.privateKey.substr(7),
'arsnova.click-v2', {
algorithms: ['HS512'],
}
).privateKey;
await db.collection('quizzes').updateOne({_id: quiz._id}, {$set: {privateKey}});
}));
},
async down(db, client) {
}
};
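Review bot: The HS512 signing secret is written into the migration as the literal `'arsnova.click-v2'` in the `jwt.verify` call, so anyone who can read the repository can produce tokens this check accepts; it should be read from the same configuration the server uses, not from source. Separately, `jwt.verify` throws on a bad signature or, if these tokens carry an `exp` claim, on an expired token, and inside `Promise.all` a single throw rejects `up` while the other updates are still in flight, leaving the collection partly migrated. The filter `/bearer /i` is also unanchored although `substr(7)` assumes the prefix starts at position 0. A per-document version that skips entries failing verification is sketched below; the environment variable name is a placeholder.

```javascript
// … unchanged: require('jsonwebtoken') and module.exports wrapper …
async up(db, client) {
  // Placeholder name: read the secret from wherever the server's token config lives.
  const secret = process.env.JWT_SECRET_PLACEHOLDER;
  if (!secret) {
    throw new Error('JWT secret not configured; refusing to run migration');
  }
  const quizzes = await db.collection('quizzes').find({privateKey: /^bearer /i}).toArray();
  for (const quiz of quizzes) {
    let payload;
    try {
      payload = jwt.verify(quiz.privateKey.substr(7), secret, {algorithms: ['HS512']});
    } catch (err) {
      // Signature or expiry failure: leave the document untouched for manual repair.
      continue;
    }
    if (!payload || typeof payload.privateKey !== 'string') {
      continue;
    }
    await db.collection('quizzes').updateOne({_id: quiz._id}, {$set: {privateKey: payload.privateKey}});
  }
},
```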
......@@ -38,7 +38,7 @@ export const routingControllerOptions: RoutingControllersOptions = {
},
},
authorizationChecker: roleAuthorizationChecker,
defaultErrorHandler: false,
defaultErrorHandler: true,
cors: options,
controllers: [
AdminRouter,
......
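Review bot: The page prints both `defaultErrorHandler: false` and `defaultErrorHandler: true` without markers; assuming `true` is the new value, the library's built-in handler now serialises thrown errors into the HTTP response. In routing-controllers that response includes the stack trace whenever development mode is on, and development mode defaults to on unless `NODE_ENV` is `production`. I would pin it explicitly next to this line, e.g. `development: false,`, or confirm that production deployments always set `NODE_ENV`, so that internal paths and error details are not returned to clients. The options object starts and ends outside this hunk, so an existing `development` setting may already cover this.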
......@@ -44,6 +44,7 @@ import { asyncForEach } from '../../lib/async-for-each';
import { MatchAssetCachedQuiz, MatchTextToAssetsDb } from '../../lib/cache/assets';
import { Leaderboard } from '../../lib/leaderboard/leaderboard';
import { QuizModelItem } from '../../models/quiz/QuizModelItem';
import { AuthService } from '../../services/AuthService';
import LoggerService from '../../services/LoggerService';
import { publicSettings, settings } from '../../statistics';
import { AbstractRouter } from './AbstractRouter';
......@@ -586,6 +587,9 @@ export class QuizRouter extends AbstractRouter {
if (!quiz) {
throw new BadRequestError(MessageProtocol.InvalidParameters);
}
if (privateKey.match(/bearer .*/i)) {
privateKey = (AuthService.decodeToken(privateKey.substr(7)) as any).privateKey;
}
const existingQuiz = await QuizDAO.getQuizByName(quiz.name);
if (existingQuiz && existingQuiz.privateKey !== privateKey) {
......
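Review bot: The decoded token in the added `if (privateKey.match(/bearer .*/i))` block is used without any check: `(AuthService.decodeToken(...) as any).privateKey` throws a TypeError if `decodeToken` returns `null` or a string, and silently sets `privateKey` to `undefined` if the payload has no such claim, after which the `existingQuiz.privateKey !== privateKey` comparison runs on a meaningless value. The `as any` cast hides both cases from the compiler. I would narrow it instead, e.g. `const decoded: unknown = AuthService.decodeToken(privateKey.substr(7));` followed by `if (typeof (decoded as {privateKey?: unknown} | null)?.privateKey !== 'string') { throw new BadRequestError(MessageProtocol.InvalidParameters); }`. The regex should also be anchored as `/^bearer /i`, since `substr(7)` assumes the prefix is at the start. Whether `decodeToken` verifies the signature is not visible here and is worth confirming; the method body begins and ends outside this hunk.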