apitech
/
Rocket.Chat
mirror of https://github.com/RocketChat/Rocket.Chat
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Regression: Fix set name to alias validation (#16347)

Browse Source
pull/16352/head
Diego Sampaio 6 years ago committed by GitHub
parent 91601701f9
commit fd5dcbee8f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      app/lib/server/functions/sendMessage.js

4
app/lib/server/functions/sendMessage.js
Unescape View File

@ -148,7 +148,7 @@ const validateUserIdentity = (message, _id) => {
if (!message.alias && !message.avatar) {
return;
}
const forbiddenPropsToChangeWhenUserIsNotABot = ['alias', 'avatar'];
const forbiddenPropsToChangeWhenUserIsNotABot = ['avatar'];
const user = Users.findOneById(_id, { fields: { roles: 1, name: 1 } });
/**
* If the query returns no user, the message has likely
@ -160,7 +160,7 @@ const validateUserIdentity = (message, _id) => {
}
const userIsNotABot = !user.roles.includes('bot');
const messageContainsAnyForbiddenProp = Object.keys(message).some((key) => forbiddenPropsToChangeWhenUserIsNotABot.includes(key));
if ((userIsNotABot && messageContainsAnyForbiddenProp) || (settings.get('Message_SetNameToAliasEnabled') && message.alias !== user.name)) {
if (userIsNotABot && (messageContainsAnyForbiddenProp || (typeof message.alias !== 'undefined' && message.alias !== user.name))) {
throw new Error('You are not authorized to change message properties');
}
};

Write Preview
Loading…
Cancel
Save