Fix issue with ability to create admin user by setting referrer

master
Mark Moffat 2018-05-30 18:35:17 +09:30
parent c674f86576
commit baccaae9b0
1 changed files with 48 additions and 43 deletions

View File

@ -146,8 +146,12 @@ router.post('/admin/user/insert', common.restrict, (req, res) => {
// set the account to admin if using the setup form. Eg: First user account
let urlParts = url.parse(req.header('Referer'));
// Check number of users
db.users.count({}, (err, userCount) => {
let isAdmin = false;
if(urlParts.path === '/admin/setup'){
// if no users, setup user as admin
if(userCount === 0){
isAdmin = true;
}
@ -198,6 +202,7 @@ router.post('/admin/user/insert', common.restrict, (req, res) => {
res.redirect('/admin/users');
});
});
});
});
module.exports = router;