From 7bee4a3a9fa07232092684aa8176494b4a77fb73 Mon Sep 17 00:00:00 2001
From: Erik Cameron
Date: Wed, 13 Aug 2025 13:26:37 -0500
Subject: [PATCH 1/2] minor cleanups

---
 .env.sample | 4 ++--
 .gitignore | 3 +++
 make-cert.sh | 0
 3 files changed, 5 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 make-cert.sh

diff --git a/.env.sample b/.env.sample
index 8ebbd4fa..b77aefec 100644
--- a/.env.sample
+++ b/.env.sample
@@ -1,7 +1,7 @@
 MONGODB_URI=mongodb://mongodb:27017/dpdmongo?authSource=admin
 SESSION_SECRET=foooo
-SMTP_HOST=your.smtpserver.com
-SMTP_PORT=587
+SMTP_HOST=mailcatcher
+SMTP_PORT=1025
 SMTP_USER=yoursmtpuser
 SMTP_PASS=yoursmtppassword
 ADMIN_EMAIL=adminaccountemail@example.com
diff --git a/.gitignore b/.gitignore
index d7c676ca..557828cc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,3 +35,6 @@ app_build
 # CDK asset staging directory
 .cdk.staging
 cdk.out
+
+# local SSL
+certs
diff --git a/make-cert.sh b/make-cert.sh
old mode 100644
new mode 100755

From e81f6cdde7e2160d397bf568e08ff58bb522a65e Mon Sep 17 00:00:00 2001
From: Erik Cameron
Date: Wed, 13 Aug 2025 13:58:12 -0500
Subject: [PATCH 2/2] fix forbiddens by giving user a default access

---
 server/controllers/authController/index.js | 1 +
 server/utils/passport/ensure-authenticated.js | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/server/controllers/authController/index.js b/server/controllers/authController/index.js
index 6fb121f0..76b9f1ba 100644
--- a/server/controllers/authController/index.js
+++ b/server/controllers/authController/index.js
@@ -71,6 +71,7 @@ const AuthController = {
 mail,
 account_expires,
 preferences: { config: configuration._id.toString() },
+ access: ["MA"],
 }
 const newUser = await UserModel.create(appDb, newUserAttributes)
 const registrationMailer = new RegistrationMailer(newUser)
diff --git a/server/utils/passport/ensure-authenticated.js b/server/utils/passport/ensure-authenticated.js
index 9d39a147..5db2937a 100644
--- a/server/utils/passport/ensure-authenticated.js
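Review bot: The new `SMTP_HOST=mailcatcher` / `SMTP_PORT=1025` values turn the sample from a production-shaped placeholder into a local mail sink, but nothing in the file says so, and a copied `.env` that keeps these values would silently drop real outbound mail. The `mailcatcher` host name presumably resolves to a dev container (the `mongodb` host in MONGODB_URI suggests the same setup) — I cannot confirm that from the page. I would put a comment above the two lines, `# local development only: mailcatcher captures outbound mail and never delivers it; point at a real relay in production`, so the intent survives the copy.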
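Review bot: Every account created through this path now receives `access: ["MA"]` unconditionally, and nothing in the series documents what the "MA" level permits, so a reader cannot tell whether it is the least privilege needed to reach the dashboard or something broader. Because the same code sends a RegistrationMailer to the new user, this appears to be self-service registration, which makes "MA" the privilege anyone who registers obtains; the line should carry that intent, e.g. `access: ["MA"], // default for self-registered accounts: keep this to the minimum the dashboard needs`. I would also keep the literal in one place, a named export beside wherever the access levels are defined, rather than at the creation site, so a later change to the default is not a search for a two-letter string. The enclosing `newUserAttributes` object and the AuthController method around it begin before this hunk.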
+++ b/server/utils/passport/ensure-authenticated.js
@@ -21,6 +21,9 @@ export default async function ensureAuthenticated(req, res, next) {
 return res
 .status(403)
 .json({ error: 'Account is blocked, please contact your admin' })
+ // this next one is the problem line--- by default the user has no access,
+ // but that cuts them off from the entire API, including for things
+ // on their dashboard
 case access.length === 0:
 return res.status(403).json({ error: 'Forbidden.' })
 default:
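Review bot: The added comment reads as a debugging note ("this next one is the problem line---") rather than as documentation of the branch, and the 403 it annotates is unchanged, so the series fixes the lockout only for accounts created after the authController change; any pre-existing account whose `access` array is empty still lands on this branch (whether such accounts exist, or a migration backfills them, is not visible on the page). I would replace the three comment lines with `// An empty access list locks the account out of the whole API, dashboard included; new accounts receive a default level at registration, so only legacy accounts with no access reach this branch.` and, if legacy accounts exist, backfill them in a migration rather than loosening this check. ensureAuthenticated's switch begins before this hunk and continues past `default:`.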