From b9b01d25dcf06254e2ea7c37adac7bc51cd5a13e Mon Sep 17 00:00:00 2001
From: Archivist <qnekomata@gmail.com>
Date: Mon, 9 Jul 2018 15:14:42 +0200
Subject: [PATCH] sanitized authentication

---
 src/sales_backend.cr | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/sales_backend.cr b/src/sales_backend.cr
index 20a1b23..fd88de9 100644
--- a/src/sales_backend.cr
+++ b/src/sales_backend.cr
@@ -66,8 +66,7 @@ post "/logout" do |context|
 end
 
 post "/logout-all" do |context|
-    authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
-    user = User.from_json context.request.body.not_nil!
+    user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
     user_file = User.from_json File.read(Statics.data_path+"user/"+user.email)
     user_file.tokens=Array(UUID).new
     File.write(Statics.data_path+"user/"+user_file.email,user_file.to_json)