Commit 3ef10b56 authored by antoine masson's avatar antoine masson

v1.06

Fix bug in access token 
parent aee71502
...@@ -176,20 +176,20 @@ exports.loginToken = async (req, res) => { ...@@ -176,20 +176,20 @@ exports.loginToken = async (req, res) => {
}; };
exports.accessToken = async (req, res) => { exports.accessToken = async (req, res) => {
if(await Survey.isAccessToken(req.body.survey_id)){ if(await Survey.isAccessToken(req.body.survey_id)){
try{ // try{
const survey = await Survey.findById(req.body.survey_id) const survey = await Survey.findById(req.body.survey_id)
let spoc= await survey.poc let spoc= await survey.poc
if(!survey.status && !token.test){ let token = await Token.findOne({ token:req.body.token });
if(!survey.status && (!token || !token.test)){
return res return res
.status(201) .status(201)
.json({ message: "Survey not online" ,poc:spoc,status: "Error"}); .json({ message: "Survey not online" ,poc:spoc,status: "Error"});
} }
if(!survey.enable && !token.test){ if(!survey.general.enable && (!token ||!token.test)){
return res return res
.status(201) .status(201)
.json({ message: "Survey disabled" ,poc:spoc,status: "Error"}); .json({ message: "Survey disabled" ,poc:spoc,status: "Error"});
} }
let token = await Token.findOne({ token:req.body.token });
if (!token) { //create new token if doesn't exist if (!token) { //create new token if doesn't exist
const newtoken = new Token({ const newtoken = new Token({
token: req.body.token, token: req.body.token,
...@@ -209,9 +209,9 @@ exports.accessToken = async (req, res) => { ...@@ -209,9 +209,9 @@ exports.accessToken = async (req, res) => {
} }
const authtoken = await token.generateAuthToken(); const authtoken = await token.generateAuthToken();
res.status(201).json({ token:authtoken, message : "Succeeded Login", status: "OK"}); res.status(201).json({ token:authtoken, message : "Succeeded Login", status: "OK"});
} catch(err){ // } catch(err){
res.status(400).json({ message: err,status:"Error"}); // res.status(400).json({ message: err,status:"Error"});
} // }
} else { } else {
const gopt = await GlobalOptions.findById(0,{poc:1}); const gopt = await GlobalOptions.findById(0,{poc:1});
res.status(400).json({ message: "Forbidden Operation",poc:gopt.poc,status:"Error"}); res.status(400).json({ message: "Forbidden Operation",poc:gopt.poc,status:"Error"});
......
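Review bot: With the `try`/`catch` in `exports.accessToken` commented out, a rejected `await` or a thrown error (for example `survey.poc` when `Survey.findById` finds nothing) no longer gets a response; in an async Express-style handler this likely leaves the request hanging as an unhandled rejection. I would restore the block, log the error server-side, and reply with a fixed message instead of `message: err`, which returned internal error detail to the client. Separately, `req.body.token` is passed unvalidated to `Token.findOne({ token:req.body.token })`, and the resulting `token.test` decides whether the "Survey not online" and "Survey disabled" gates are skipped. Assuming the body parser accepts JSON objects, add a guard before the lookup such as `if (typeof req.body.token !== 'string') return res.status(400).json({ message: "Invalid token", status: "Error" });`. Part of the function body between the two hunks is not visible here.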