backend: update token and role validator to allow access to change-password and me endpoints when password change is required

juancarmore 2026-01-26 18:23:02 +01:00
parent fb4e7a022c
commit e0e2fc2a44


@ -135,11 +135,11 @@ export const tokenAndRoleValidator = (...roles: MeetUserRole[]): AuthValidator =
// Check if password change is required
if (user.mustChangePassword) {
// Allow only change password endpoint when password change is required
// Allow only change-password and me endpoints
const requestPath = req.path;
const allowedPath = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/users/change-password`;
const allowedPaths = ['/change-password', '/me'];
if (requestPath !== allowedPath) {
if (!allowedPaths.includes(requestPath)) {
throw errorPasswordChangeRequired();
}
}
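Review bot: The new `allowedPaths` entries are router-relative, so the exemption is no longer pinned to the users API: if `req` is an Express request, `req.path` excludes the mount point, and any router that uses `tokenAndRoleValidator` and exposes its own `/me` or `/change-password` route would also be reachable while `mustChangePassword` is set. Comparing the full path keeps the exemption narrow: build `requestPath` from `req.baseUrl + req.path` and list both entries under `INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1` with the `/users/` prefix, as the removed `allowedPath` did (the `/users/me` location is inferred from the commit title, so confirm it). A short comment saying the match is exact and fails closed for anything else (trailing slash, sub-paths) would also help the next reader. The validator's body starts and ends outside this hunk, so where the middleware is mounted cannot be confirmed from here.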