summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Friesel <derf@finalrewind.org>2019-03-08 16:55:45 +0100
committerDaniel Friesel <derf@finalrewind.org>2019-03-08 16:55:45 +0100
commitec82ac0f2eadc2c324b81e2252bb8bee88f09319 (patch)
tree7c468849f61d2b4a1d2d6b8f7a66772527db19f3
parentbf4ccb0eabe0f4258bc174a83dfba318d0212af1 (diff)
move /action to non-authenticated area to handle session issues
-rwxr-xr-xindex.pl25
1 files changed, 18 insertions, 7 deletions
diff --git a/index.pl b/index.pl
index 6331d45..03a344a 100755
--- a/index.pl
+++ b/index.pl
@@ -1021,11 +1021,6 @@ get '/reg/:id/:token' => sub {
$self->render( 'login', from => 'verification' );
};
-under sub {
- my ($self) = @_;
- return $self->is_user_authenticated;
-};
-
post '/action' => sub {
my ($self) = @_;
my $params = $self->req->json;
@@ -1034,13 +1029,25 @@ post '/action' => sub {
$params = $self->req->params->to_hash;
}
+ if ( not $self->is_user_authenticated ) {
+
+ # We deliberately do not set the HTTP status for these replies, as it
+ # confuses jquery.
+ $self->render(
+ json => {
+ success => 0,
+ error => 'Session error, please login again',
+ },
+ );
+ return;
+ }
+
if ( not $params->{action} ) {
$self->render(
json => {
success => 0,
error => 'Missing action value',
},
- status => 400,
);
return;
}
@@ -1111,11 +1118,15 @@ post '/action' => sub {
success => 0,
error => 'invalid action value',
},
- status => 400,
);
}
};
+under sub {
+ my ($self) = @_;
+ return $self->is_user_authenticated;
+};
+
get '/account' => sub {
my ($self) = @_;