authorDaniel Friesel <derf@finalrewind.org>2019-03-08 16:55:45 +0100
committerDaniel Friesel <derf@finalrewind.org>2019-03-08 16:55:45 +0100
commitec82ac0f2eadc2c324b81e2252bb8bee88f09319 (patch)
tree7c468849f61d2b4a1d2d6b8f7a66772527db19f3 /index.pl
parentbf4ccb0eabe0f4258bc174a83dfba318d0212af1 (diff)
move /action to non-authenticated area to handle session issues
Diffstat (limited to 'index.pl')
-rwxr-xr-xindex.pl25
1 files changed, 18 insertions, 7 deletions
diff --git a/index.pl b/index.pl
index 6331d45..03a344a 100755
--- a/index.pl
+++ b/index.pl
@@ -1021,11 +1021,6 @@ get '/reg/:id/:token' => sub {
$self->render( 'login', from => 'verification' );
};
-under sub {
- my ($self) = @_;
- return $self->is_user_authenticated;
-};
-
post '/action' => sub {
my ($self) = @_;
my $params = $self->req->json;
@@ -1034,13 +1029,25 @@ post '/action' => sub {
$params = $self->req->params->to_hash;
}
+ if ( not $self->is_user_authenticated ) {
+
+ # We deliberately do not set the HTTP status for these replies, as it
+ # confuses jquery.
+ $self->render(
+ json => {
+ success => 0,
+ error => 'Session error, please login again',
+ },
+ );
+ return;
+ }
+
if ( not $params->{action} ) {
$self->render(
json => {
success => 0,
error => 'Missing action value',
},
- status => 400,
);
return;
}
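Review bot: The unauthenticated branch added at the top of this hunk replies with the default HTTP 200, so a rejected session looks like a normal reply in access logs, rate limiting and any non-jQuery client; the only signal is `success => 0` in the body. If the status has to stay 200 for the frontend, I would at least record the rejection server-side before the `render`, e.g. `$self->app->log->warn('POST /action rejected: no authenticated session');`. Authentication for this state-changing route is now a hand-written guard rather than the `under` block (which the last hunk re-adds below the handler), so a comment above `post '/action'` such as `# Not covered by the under block below: this handler must check is_user_authenticated itself` would keep a later edit from silently dropping it. The context lines fall back to `$self->req->params->to_hash`, which suggests form-encoded POSTs are accepted too; no CSRF check is visible in this hunk, so that is worth confirming in the rest of the handler. The handler body starts before and continues after this hunk.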
@@ -1111,11 +1118,15 @@ post '/action' => sub {
success => 0,
error => 'invalid action value',
},
- status => 400,
);
}
};
+under sub {
+ my ($self) = @_;
+ return $self->is_user_authenticated;
+};
+
get '/account' => sub {
my ($self) = @_;