accounts
accounts copied to clipboard
Very Serious Bug!!! Failed Oauth but return a user
Bug report
Today I started implementing the Oauth for Apple login and found a big bug !
To Reproduce
The below code will success and return the first user of my database to the requester!
export class AccountsAppleProvider {
async authenticate(params) {
return null;
}
}
Steps to reproduce the behavior, please provide code snippets or a repository. You should add some null check before database finding
async findUserByServiceId(serviceName, serviceId) {
//------ You should add some null check before database query ------
const user = await this.collection.findOne({
[`services.${serviceName}.id`]: serviceId,
});
if (user) {
user.id = user._id.toString();
}
return user;
}```