🐛 (#69) Keep _users docs not managed by couchAuth

Log a warning + reject as invalid session, but do not delete the doc
perfood · Mar 22, 2023 · 886f449 · 886f449
1 parent 9d703fe
commit 886f449
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/user.ts b/src/user.ts
@@ -1305,6 +1305,12 @@ export class User {
   public async confirmSession(key: string, password: string) {
     try {
       const doc = await this.dbAuth.retrieveKey(key);
+      if (!doc.provider || !doc.expires) {
+        const msg = `_users doc ${key} is not managed by CouchAuth`;
+        console.warn(msg);
+        throw msg;
+      }
+
       if (doc.expires > Date.now()) {
         doc._id = doc.user_id;
         delete doc.user_id;