Added CSRF protection to all API calls. /api/account AJAX calls updated.

2024-12-29 21:40:50 -05:00 · 2024-12-29 21:40:50 -05:00 · 106b0fcddb
commit 106b0fcddb
parent 7e0c8e72c5
11 changed files with 149 additions and 14 deletions
--- a/src/schemas/user/userSchema.js
+++ b/src/schemas/user/userSchema.js
@ -409,10 +409,13 @@ userSchema.methods.getAuthenticatedSessions = async function(){

            //crawl through active sessions
            sessions.forEach((session) => {
-                //if a session matches the current user
-                if(session.user.id == this.id){
-                    //we return it
-                    returnArr.push(session);
+                //Skip un-authed sessions
+                if(session.user != null){
+                    //if a session matches the current user
+                    if(session.user.id == this.id){
+                        //we return it
+                        returnArr.push(session);
+                    }
                }
            });