From eb95e2dba949d2029f760bacb2c448c5ac33f8e0 Mon Sep 17 00:00:00 2001
From: David Barroso
Date: Sat, 3 Feb 2024 15:45:48 +0100
Subject: [PATCH] asd

---
 src/middleware/auth.ts | 17 +++++++++--------
 src/routes/user/password.ts | 2 +-
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/middleware/auth.ts b/src/middleware/auth.ts
index 22f9a2fd6..193543617 100644
--- a/src/middleware/auth.ts
+++ b/src/middleware/auth.ts
@@ -24,7 +24,6 @@ export const authMiddleware: RequestHandler = async (req, _, next) => {
 export const authenticationGate = (
 checkElevatedPermissions: boolean,
 bypassIfNoKeys = false,
- bypassFn: (req: any) => boolean = () => false,
 ): RequestHandler => {
 return async (req, res, next) => {
 if (!req.auth) {
@@ -35,14 +34,12 @@ export const authenticationGate = (
 if (
 !checkElevatedPermissions ||
 ENV.AUTH_REQUIRE_ELEVATED_CLAIM === 'disabled' ||
- !ENV.AUTH_WEBAUTHN_ENABLED ||
- auth.elevated ||
- bypassFn(req)
- ) {
+ !ENV.AUTH_WEBAUTHN_ENABLED
+ ) {
 return next();
 }
 
- if (await failsElevatedCheck(auth.userId, bypassIfNoKeys)) {
+ if (await failsElevatedCheck(auth, bypassIfNoKeys)) {
 return sendError(res, 'elevated-claim-required');
 }
 
@@ -50,9 +47,13 @@ export const authenticationGate = (
 };
 }
 
-export const failsElevatedCheck = async (userId: string, bypassIfNoKeys = false) => {
+export const failsElevatedCheck = async (auth: RequestAuth, bypassIfNoKeys = false) => {
+ if (auth.elevated) {
+ return false;
+ }
+
 const response = await gqlSdk.getUserSecurityKeys({
- id: userId,
+ id: auth.userId,
 });
 
 if (response.authUserSecurityKeys.length === 0 && ENV.AUTH_REQUIRE_ELEVATED_CLAIM === 'recommended') {
diff --git a/src/routes/user/password.ts b/src/routes/user/password.ts
index dd4cb04d4..529d7f58c 100644
--- a/src/routes/user/password.ts
+++ b/src/routes/user/password.ts
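Review bot: `failsElevatedCheck` is exported and called directly by `userPasswordHandler` in the second file of this patch, but the `AUTH_REQUIRE_ELEVATED_CLAIM === 'disabled'` and `!AUTH_WEBAUTHN_ENABLED` short-circuits exist only in `authenticationGate`, so unless the part of the function below this hunk handles those settings, a direct caller still performs the security-key lookup and can be rejected while the feature is switched off. Moving that policy into the helper, just ahead of the new early return, keeps one rule for both paths: `if (ENV.AUTH_REQUIRE_ELEVATED_CLAIM === 'disabled' || !ENV.AUTH_WEBAUTHN_ENABLED) return false;`. The `auth.elevated` early return is only as strong as the source of that flag; it must come from a verified token claim rather than anything the client can place on the request, which is worth confirming where `RequestAuth.elevated` is populated. The exported helper also has no TSDoc; something like `/** True when the request must still present an elevated (security-key) claim: already-elevated sessions pass, otherwise the user's registered keys and bypassIfNoKeys decide. */` would state the contract. The body of `failsElevatedCheck` continues past the end of this hunk.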
@@ -30,7 +30,7 @@ export const userPasswordHandler: RequestHandler<
 return sendError(res, 'unauthenticated-user');
 }
 
- if (await failsElevatedCheck(req.auth?.userId)) {
+ if (await failsElevatedCheck(req.auth)) {
 return sendError(res, 'elevated-claim-required');
 }