Commit 970a35cc authored by pdg16's avatar pdg16

validate id parameter

parent fec33c28
Pipeline #20025 failed with stage
in 1 minute and 58 seconds
......@@ -40,6 +40,8 @@ const email = require(`${libs}/middlewares/email`);
const checkAdmin = require(`${libs}/middlewares/checkAdmin`);
var mongoose = require('mongoose');
const passport = require('passport');
function emailSyntax(email) {
......@@ -120,6 +122,8 @@ userApp.get('/me', passport.authenticate('bearer', { session: false }), (req, re
}, response('user'));
userApp.get('/:id', passport.authenticate('bearer', {session: false}), checkAdmin(), (req, res, next) => {
if(!mongoose.Types.ObjectId.isValid(req.params.id))
return res.json({msg: 'Invalid id'});
User.findById(req.params.id, (err, user) => {
if(err) {
log.error(err);
......@@ -140,6 +144,8 @@ userApp.get('/:id', passport.authenticate('bearer', {session: false}), checkAdmi
// Rota para o admin deletar users
userApp.delete('/:id', passport.authenticate('bearer', {session: false}), checkAdmin(), (req, res, next) => {
if(!mongoose.Types.ObjectId.isValid(req.params.id))
return res.json({msg: 'Invalid id'});
User.findOneAndRemove({_id:req.params.id, origin: req.user.origin}, (err, user) => {
if(err) {
log.error(err);
......@@ -316,6 +322,8 @@ userApp.put('/', passport.authenticate('bearer', { session: false }), (req, res,
userApp.put('/:id', passport.authenticate('bearer', { session: false }), checkAdmin(), (req, res, next) => {
if(!mongoose.Types.ObjectId.isValid(req.params.id))
return res.json({msg: 'Invalid id'});
User.findById(req.params.id, (err, user) => {
if (err) {
log.error(err);
......
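Review bot: The new guard in the `GET /:id` handler rejects a bad id with `res.json({msg: 'Invalid id'})`, which is sent with the default 200 status, so clients and log-based monitoring cannot tell a rejected request from a successful one; `return res.status(400).json({msg: 'Invalid id'});` would make the rejection explicit. The same two lines are repeated in the `DELETE /:id` and `PUT /:id` handlers, so the point applies there as well, and a single `userApp.param('id', ...)` hook could hold the check once if `userApp` is an Express router. In several Mongoose/bson versions `ObjectId.isValid` has also accepted any 12-character string, so if only 24-character hex ids are intended, confirm that against the installed version. Separately, the delete query is scoped with `origin: req.user.origin` while the two `findById` calls are not; the handler bodies continue outside the hunks shown, so whether the origin is checked later cannot be told from here.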