Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not allow a logged-in user to search for another user's info. #50

Open
6 tasks
Tracked by #49
MatheusSanchez opened this issue Feb 4, 2024 · 0 comments · May be fixed by #53
Open
6 tasks
Tracked by #49

Do not allow a logged-in user to search for another user's info. #50

MatheusSanchez opened this issue Feb 4, 2024 · 0 comments · May be fixed by #53
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@MatheusSanchez
Copy link
Owner

MatheusSanchez commented Feb 4, 2024
edited
Loading

Currently, if you are logged in, you can search for a user using the get user by id route by passing another user's ID as a query parameter.

This happens because the route uses the JWT token just for authentication and not to search for the user.

This would also prevent us from needing to export the userId from the create-authenticate-user.ts file, which is used for our tests, and to complete the route path (through query parameters) in the tests.

Remove the query param for the following routes:

  • /user/:id
  • /user/:userId/edit
  • /user/:userId/photo
  • /user/:userId/project
  • /projects/:userId

Delete the following routes:

  • /user ---- getUserByEmail - we can use the route by id - can be deprecated

With those changes, we need to fix the front-end o exclude these query parameters.

@pedrodecf could you create an issue on the front-end repo and link here ?

More context: #49
@MatheusSanchez MatheusSanchez added enhancement New feature or request good first issue Good for newcomers labels Feb 4, 2024
@MatheusSanchez MatheusSanchez mentioned this issue Feb 4, 2024
Merged
2 tasks
@MatheusSanchez MatheusSanchez linked a pull request Feb 4, 2024 that will close this issue
Issue 50 dont allow logged user call resources for other user #53
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Issue 50 dont allow logged user call resources for other user MatheusSanchez/orange-back
1 participant
@MatheusSanchez