fix: don't panic when using api token when not correctly put into context (#1119)

kolaente
2025-07-15 23:26:28 +02:00
committed by GitHub
parent 95df6190f7
commit 42534cdd79
3 changed files with 49 additions and 1 deletions


@@ -429,7 +429,21 @@ func GetCurrentUserFromDB(s *xorm.Session, c echo.Context) (user *User, err erro
// GetCurrentUser returns the current user based on its jwt token
func GetCurrentUser(c echo.Context) (user *User, err error) {
jwtinf := c.Get("user").(*jwt.Token)
if apiUser, ok := c.Get("api_user").(*User); ok {
return apiUser, nil
}
jwtinf, is := c.Get("user").(*jwt.Token)
if jwtinf == nil {
log.Error("No user found in context")
return nil, ErrInvalidUserContext{Reason: "no user found in context"}
}
if !is {
log.Errorf("User in context is not a JWT token, got type: %T", jwtinf)
return nil, ErrInvalidUserContext{Reason: "user in context is not a JWT token"}
}
claims := jwtinf.Claims.(jwt.MapClaims)
return GetUserFromClaims(claims)
}
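Review bot: The `!is` branch in `GetCurrentUser` can never run: when the assertion on `c.Get("user")` fails, `jwtinf` is the nil zero value, so the preceding `jwtinf == nil` check returns first. A wrong-typed value is therefore reported as "no user found in context", and `%T` of `jwtinf` would print `*jwt.Token` rather than the type that was actually stored. The unchecked `jwtinf.Claims.(jwt.MapClaims)` further down can also still panic, which is the failure mode this commit sets out to remove from the authentication path. I would keep the raw context value, test it for nil, assert with comma-ok, log `%T` of the raw value, and use comma-ok on the claims too. The whole function lies inside the hunk.

```go
func GetCurrentUser(c echo.Context) (user *User, err error) {
	// … unchanged: api_user lookup …
	raw := c.Get("user")
	if raw == nil {
		log.Error("No user found in context")
		return nil, ErrInvalidUserContext{Reason: "no user found in context"}
	}
	jwtinf, is := raw.(*jwt.Token)
	if !is || jwtinf == nil {
		// Log the type of the stored value, not of the failed assertion result.
		log.Errorf("User in context is not a JWT token, got type: %T", raw)
		return nil, ErrInvalidUserContext{Reason: "user in context is not a JWT token"}
	}
	claims, is := jwtinf.Claims.(jwt.MapClaims)
	if !is {
		return nil, ErrInvalidUserContext{Reason: "jwt claims have an unexpected type"}
	}
	return GetUserFromClaims(claims)
}
```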