From 40cce1e54c8871bd2e652bf313b1bfdc4f9234d4 Mon Sep 17 00:00:00 2001
From: Miodec
Date: Mon, 16 Aug 2021 15:27:42 +0100
Subject: [PATCH] securing signup endpoint
---
 backend/api/controllers/user.js | 3 ++-
 backend/api/routes/user.js | 2 +-
 src/js/account-controller.js | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/backend/api/controllers/user.js b/backend/api/controllers/user.js
index 31f28edce..23e0c6d54 100644
--- a/backend/api/controllers/user.js
+++ b/backend/api/controllers/user.js
@@ -14,7 +14,8 @@ const fetch = require("node-fetch");
 class UserController {
 static async createNewUser(req, res, next) {
 try {
- const { name, email, uid } = req.body;
+ const { name } = req.body;
+ const { email, uid } = req.decodedToken;
 await UsersDAO.addUser(name, email, uid);
 return res.sendStatus(200);
 } catch (e) {
diff --git a/backend/api/routes/user.js b/backend/api/routes/user.js
index c5ce077b1..3a2b07ccf 100644
--- a/backend/api/routes/user.js
+++ b/backend/api/routes/user.js
@@ -6,7 +6,7 @@ const router = Router();
 router.get("/", authenticateRequest, UserController.getUser);
-router.post("/signup", UserController.createNewUser);
+router.post("/signup", authenticateRequest, UserController.createNewUser);
 router.post("/checkName", UserController.checkName);
diff --git a/src/js/account-controller.js b/src/js/account-controller.js
index ae33e3ab3..d36b800a6 100644
--- a/src/js/account-controller.js
+++ b/src/js/account-controller.js
@@ -121,8 +121,6 @@ export async function signInWithGoogle() {
 // try {
 response = await axiosInstance.post("/user/signUp", {
 name,
- email: signedInUser.user.email,
- uid: signedInUser.user.uid,
 });
 // } catch (e) {
 // let msg = e?.response?.data?.message ?? e.message;
@@ -249,6 +247,8 @@ async function signUp() { return; } + authListener(); + let createdAuthUser; try { createdAuthUser = await firebase
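Review bot: `name` is still read from `req.body` and handed to `UsersDAO.addUser` with no check visible in this hunk of backend/api/controllers/user.js, so it is the one field on the signup path that remains client-controlled. Unless addUser already validates it, reject non-string or empty values before the DAO call, for example `if (typeof name !== "string" || name.length === 0) return res.sendStatus(400);` or the file's usual error path. The email now comes from the decoded token; if that token carries a verified-email flag, this is the place to decide whether unverified addresses may be stored. The catch body of createNewUser lies outside the hunk.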
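Review bot: The `/signup` handler in backend/api/routes/user.js now depends on `authenticateRequest` having populated `req.decodedToken`, and nothing on the route line records that coupling. A short comment above it, such as `// createNewUser reads email/uid from req.decodedToken; authenticateRequest must stay on this route`, would guard against the middleware being dropped in a later refactor. `/checkName` directly below stays unauthenticated, which looks intentional for pre-signup name checks, but it then needs rate limiting if none is applied elsewhere.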
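Review bot: In the signInWithGoogle hunk of src/js/account-controller.js, the `axiosInstance.post("/user/signUp", …)` call sits between commented-out `// try {` and `// } catch (e) {` lines, so a rejection from the now-authenticated endpoint (for instance a 401 when no ID token is attached) is not handled at this point. Either restore the try/catch or delete the commented lines so the error path is explicit. The function continues outside the hunk, so an outer handler may already cover it. The request also now relies on `axiosInstance` attaching the caller's ID token, which is not visible here and is worth confirming.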