'aticles' mispelled lead to routes not protected

Question

'aticles' mispelled lead to routes not protected

rinn7e opened this issue 6 years ago · 1 comments

While playing with nestjs realworld, I found out that you can create post without user authenticated due to misspelled aticles in article.module.ts https://github.com/lujakob/nestjs-realworld-example-app/blob/master/src/article/article.module.ts#L24-L27

Due to this.userRepository.findOne(userId) where userId is null, return the first user instead of throwing an error, it doesn't help detecting that the user does not exist.

I recommend using this.userRepository.findOne({ where: { id: userId } });
See this TypeORM issues: typeorm/typeorm#2500

Answer 1 · 2019-04-15T07:43:41.000Z

Thanks @rinn7e !! I fixed it.