Merge pull request #3986 from withspectrum/2.4.40

2.4.40

Author: brianlovin

api/authentication.js

@@ -46,6 +46,9 @@ const GITHUB_OAUTH_CLIENT_ID = IS_PROD
   ? '208a2e8684d88883eded'
   : 'ed3e924f4a599313c83b';
 
+const isSerializedJSON = (str: string) =>
+  str[0] === '{' && str[str.length - 1] === '}';
+
 const init = () => {
   // Setup use serialization
   passport.serializeUser((user, done) => {
@@ -56,19 +59,21 @@ const init = () => {
   // to avoid having to go to the db on every single request. We have to handle both
   // cases here, as more and more users use Spectrum again we go to the db less and less
   passport.deserializeUser((data, done) => {
-    // Fast path: try to JSON.parse the data if it works, we got the user data, yay!
-    try {
-      const user = JSON.parse(data);
-      // Make sure more than the user ID is in the data by checking any other required
-      // field for existance
-      if (user.id && user.createdAt) {
+    // Fast path: we got the full user data in the cookie
+    if (isSerializedJSON(data)) {
+      let user;
+      // Ignore errors if our isSerializedJSON heuristic is wrong and `data` isn't serialized JSON
+      try {
+        user = JSON.parse(data);
+      } catch (err) {}
+
+      if (user && user.id && user.createdAt) {
         return done(null, user);
       }
-      // Ignore JSON parsing errors
-    } catch (err) {}
+    }
 
     // Slow path: data is just the userID (legacy), so we have to go to the db to get the full data
-    getUser({ id: data })
+    return getUser({ id: data })
       .then(user => {
         done(null, user);
       })

api/mutations/user/editUser.js

@@ -13,8 +13,8 @@ export default requireAuth(
     args: EditUserInput,
     { user, updateCookieUserData }: GraphQLContext
   ) => {
-    const dbUser = await getUser({ username: args.input.username });
-
+    const currentUser = user;
+    // If the user is trying to change their username check whether there's a person with that username already
     if (args.input.username) {
       if (
         args.input.username === 'null' ||
@@ -31,6 +31,7 @@ export default requireAuth(
         return new UserError('Nice try! 😉');
       }
 
+      const dbUser = await getUser({ username: args.input.username });
       if (dbUser && dbUser.id !== user.id) {
         trackQueue.add({
           userId: user.id,
@@ -47,8 +48,9 @@ export default requireAuth(
     }
 
     await updateCookieUserData({
-      ...dbUser,
-      ...{ ...args.input, file: undefined },
+      ...(await getUser({ id: currentUser.id })),
+      ...args.input,
+      file: undefined,
     });
     return editUser(args, user.id);
   }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "Spectrum",
-  "version": "2.4.39",
+  "version": "2.4.40",
   "license": "BSD-3-Clause",
   "devDependencies": {
     "babel-cli": "^6.24.1",