From b9b01d25dcf06254e2ea7c37adac7bc51cd5a13e Mon Sep 17 00:00:00 2001
From: Archivist
Date: Mon, 9 Jul 2018 15:14:42 +0200
Subject: [PATCH] sanitized authentication
---
 src/sales_backend.cr | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/sales_backend.cr b/src/sales_backend.cr
index 20a1b23..fd88de9 100644
--- a/src/sales_backend.cr
+++ b/src/sales_backend.cr
@@ -66,8 +66,7 @@ post "/logout" do |context|
 end
 post "/logout-all" do |context|
- authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
- user = User.from_json context.request.body.not_nil!
+ user = authenticate!(context.request.headers["user"],UUID.new(context.request.headers["api_token"]))
 user_file = User.from_json File.read(Statics.data_path+"user/"+user.email)
 user_file.tokens=Array(UUID).new
 File.write(Statics.data_path+"user/"+user_file.email,user_file.to_json)
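Review bot: The new `user = authenticate!(...)` line still reads `context.request.headers["user"]` and `["api_token"]` with the raising accessor and hands the token straight to `UUID.new`. A request with a missing header or a malformed token therefore raises (KeyError / ArgumentError) before authenticate! can reject it, which probably surfaces as a 500 rather than an authentication failure. Reading both values with `headers["user"]?` / `headers["api_token"]?` and rescuing `ArgumentError` around `UUID.new` would let the route answer every unauthenticated request the same way. The file path on the following line is now built from `user.email` as returned by authenticate!, whose body is not visible here. That is only safe if authenticate! returns the stored record and refuses identifiers containing path separators, so a comment such as `# user comes from authenticate!, never from the request body` would record the invariant. The `/logout-all` block continues past the end of this hunk.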