Skip to content

Commit

Permalink
Don't show code giveaways for people who are not logged in (#1311)
Browse files Browse the repository at this point in the history
  • Loading branch information
nygrenh authored Sep 9, 2024
1 parent c7da267 commit 784da78
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 4 deletions.
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import styled from "@emotion/styled"
import { useQuery } from "@tanstack/react-query"
import { useContext } from "react"
import { useTranslation } from "react-i18next"

import { BlockRendererProps } from "../.."
Expand All @@ -9,6 +10,7 @@ import ClaimCode from "./ClaimCode"

import { getCodeGiveawayStatus } from "@/services/backend"
import ErrorBanner from "@/shared-module/common/components/ErrorBanner"
import LoginStateContext from "@/shared-module/common/contexts/LoginStateContext"
import { assertNotNullOrUndefined } from "@/shared-module/common/utils/nullability"

interface CodeGiveawayBlockProps {
Expand All @@ -25,20 +27,21 @@ const CodeGiveawayBlock: React.FC<
React.PropsWithChildren<BlockRendererProps<CodeGiveawayBlockProps>>
> = (props) => {
const { t } = useTranslation()
const loginContext = useContext(LoginStateContext)

const codeGiveawayId = props.data.attributes.code_giveaway_id

const codeGiveawayStatusQuery = useQuery({
queryKey: ["fetchCodeGiveawayStatus", codeGiveawayId],
queryFn: () => getCodeGiveawayStatus(assertNotNullOrUndefined(codeGiveawayId)),
enabled: !!codeGiveawayId,
enabled: Boolean(!!codeGiveawayId && loginContext.signedIn),
})

if (!codeGiveawayId) {
return <ErrorBanner variant="readOnly" error={t("error-no-code-giveaway-id")} />
}

if (codeGiveawayStatusQuery.isLoading) {
if (!loginContext.signedIn || codeGiveawayStatusQuery.isLoading) {
return null
}

Expand Down
4 changes: 2 additions & 2 deletions services/headless-lms/server/src/domain/authorization.rs
Original file line number Diff line number Diff line change
Expand Up @@ -73,15 +73,15 @@ impl FromRequest for AuthUser {
Ok(Some(user)) => Ok(verify_auth_user_exists(user, pool, &session).await?),
Ok(None) => Err(ControllerError::new(
ControllerErrorType::Unauthorized,
"Unauthorized.".to_string(),
"Unauthorized. You're not logged in.".to_string(),
None,
)),
Err(_) => {
// session had an invalid value
session.remove(SESSION_KEY);
Err(ControllerError::new(
ControllerErrorType::Unauthorized,
"Unauthorized.".to_string(),
"Unauthorized. You're not logged in.".to_string(),
// Don't want to leak too many details from the error to the user
None,
))
Expand Down

0 comments on commit 784da78

Please sign in to comment.