From ec82ac0f2eadc2c324b81e2252bb8bee88f09319 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Fri, 8 Mar 2019 16:55:45 +0100 Subject: [PATCH] move /action to non-authenticated area to handle session issues --- index.pl | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/index.pl b/index.pl index 6331d45..03a344a 100755 --- a/index.pl +++ b/index.pl @@ -1021,11 +1021,6 @@ get '/reg/:id/:token' => sub { $self->render( 'login', from => 'verification' ); }; -under sub { - my ($self) = @_; - return $self->is_user_authenticated; -}; - post '/action' => sub { my ($self) = @_; my $params = $self->req->json; @@ -1034,13 +1029,25 @@ post '/action' => sub { $params = $self->req->params->to_hash; } + if ( not $self->is_user_authenticated ) { + + # We deliberately do not set the HTTP status for these replies, as it + # confuses jquery. + $self->render( + json => { + success => 0, + error => 'Session error, please login again', + }, + ); + return; + } + if ( not $params->{action} ) { $self->render( json => { success => 0, error => 'Missing action value', }, - status => 400, ); return; } @@ -1111,11 +1118,15 @@ post '/action' => sub { success => 0, error => 'invalid action value', }, - status => 400, ); } }; +under sub { + my ($self) = @_; + return $self->is_user_authenticated; +}; + get '/account' => sub { my ($self) = @_;