asd

nhost · Feb 3, 2024 · eb95e2d · eb95e2d
1 parent 51c8a8b
commit eb95e2d
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 9 deletions.
diff --git a/src/middleware/auth.ts b/src/middleware/auth.ts
@@ -24,7 +24,6 @@ export const authMiddleware: RequestHandler = async (req, _, next) => {
 export const authenticationGate = (
     checkElevatedPermissions: boolean,
     bypassIfNoKeys = false,
-    bypassFn: (req: any) => boolean = () => false,
 ): RequestHandler => {
   return async (req, res, next) => {
     if (!req.auth) {
@@ -35,24 +34,26 @@ export const authenticationGate = (
 
     if (!checkElevatedPermissions ||
         ENV.AUTH_REQUIRE_ELEVATED_CLAIM === 'disabled' ||
-        !ENV.AUTH_WEBAUTHN_ENABLED ||
-        auth.elevated ||
-        bypassFn(req)
-       ) {
+        !ENV.AUTH_WEBAUTHN_ENABLED
+    ) {
       return next();
     }
 
-    if (await failsElevatedCheck(auth.userId, bypassIfNoKeys)) {
+    if (await failsElevatedCheck(auth, bypassIfNoKeys)) {
         return sendError(res, 'elevated-claim-required');
     }
 
     return next();
   };
 }
 
-export const failsElevatedCheck = async (userId: string, bypassIfNoKeys = false) => {
+export const failsElevatedCheck = async (auth: RequestAuth, bypassIfNoKeys = false) => {
+  if (auth.elevated) {
+    return false;
+  }
+
   const response = await gqlSdk.getUserSecurityKeys({
-    id: userId,
+    id: auth.userId,
   });
 
   if (response.authUserSecurityKeys.length === 0 && ENV.AUTH_REQUIRE_ELEVATED_CLAIM === 'recommended') {

diff --git a/src/routes/user/password.ts b/src/routes/user/password.ts
@@ -30,7 +30,7 @@ export const userPasswordHandler: RequestHandler<
       return sendError(res, 'unauthenticated-user');
     }
 
-    if (await failsElevatedCheck(req.auth?.userId)) {
+    if (await failsElevatedCheck(req.auth)) {
         return sendError(res, 'elevated-claim-required');
     }