fix: added missing authentication check

thorsten · thorsten · commit 27a87fe60035 · 2024-03-09T16:04:30.000+01:00
diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Frontend/AutoCompleteController.php b/phpmyfaq/src/phpMyFAQ/Controller/Frontend/AutoCompleteController.php
@@ -20,6 +20,7 @@
 use phpMyFAQ\Category;
 use phpMyFAQ\Configuration;
 use phpMyFAQ\Controller\AbstractController;
+use phpMyFAQ\Core\Exception;
 use phpMyFAQ\Faq\FaqPermission;
 use phpMyFAQ\Filter;
 use phpMyFAQ\Helper\SearchHelper;
@@ -34,6 +35,9 @@
 
 class AutoCompleteController extends AbstractController
 {
+    /**
+     * @throws Exception
+     */
     #[Route('api/autocomplete')]
     public function search(Request $request): JsonResponse
     {
diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Frontend/UserController.php b/phpmyfaq/src/phpMyFAQ/Controller/Frontend/UserController.php
@@ -127,6 +127,8 @@ public function updateData(Request $request): JsonResponse
     #[Route('api/user/password/update', methods: ['PUT'])]
     public function updatePassword(Request $request): JsonResponse
     {
+        $this->userIsAuthenticated();
+
         $configuration = Configuration::getConfigurationInstance();
         $user = CurrentUser::getCurrentUser($configuration);
 

Original file line number	Diff line number	Diff line change
`@@ -127,6 +127,8 @@ public function updateData(Request $request): JsonResponse`
`127`	`127`	`#[Route('api/user/password/update', methods: ['PUT'])]`
`128`	`128`	`public function updatePassword(Request $request): JsonResponse`
`129`	`129`	`{`
	`130`	`+ $this->userIsAuthenticated();`
	`131`	`+`
`130`	`132`	`$configuration = Configuration::getConfigurationInstance();`
`131`	`133`	`$user = CurrentUser::getCurrentUser($configuration);`
`132`	`134`