fix: sanitize identity-related fields in publishing-related entry fac…

…tories
webiny · Jan 29, 2024 · a009406 · a009406
1 parent a7719b6
commit a009406
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 22 deletions.
diff --git a/packages/api-headless-cms/src/crud/contentEntry/entryDataFactories/createPublishEntryData.ts b/packages/api-headless-cms/src/crud/contentEntry/entryDataFactories/createPublishEntryData.ts
@@ -2,6 +2,7 @@ import { CmsContext, CmsEntry, CmsModel } from "~/types";
 import { STATUS_PUBLISHED } from "./statuses";
 import { SecurityIdentity } from "@webiny/api-security/types";
 import { validateModelEntryDataOrThrow } from "~/crud/contentEntry/entryDataValidation";
+import { getIdentity } from "~/utils/identity";
 
 type CreatePublishEntryDataParams = {
     model: CmsModel;
@@ -43,11 +44,11 @@ export const createPublishEntryData = async ({
         savedOn: currentDateTime,
         firstPublishedOn: latestEntry.firstPublishedOn || currentDateTime,
         lastPublishedOn: currentDateTime,
-        createdBy: latestEntry.createdBy,
-        modifiedBy: currentIdentity,
-        savedBy: currentIdentity,
-        firstPublishedBy: latestEntry.firstPublishedBy || currentIdentity,
-        lastPublishedBy: currentIdentity,
+        createdBy: getIdentity(latestEntry.createdBy),
+        modifiedBy: getIdentity(currentIdentity),
+        savedBy: getIdentity(currentIdentity),
+        firstPublishedBy: getIdentity(latestEntry.firstPublishedBy, currentIdentity),
+        lastPublishedBy: getIdentity(currentIdentity),
 
         /**
          * Revision-level meta fields. 👇
@@ -57,11 +58,14 @@ export const createPublishEntryData = async ({
         revisionModifiedOn: currentDateTime,
         revisionFirstPublishedOn: originalEntry.revisionFirstPublishedOn || currentDateTime,
         revisionLastPublishedOn: currentDateTime,
-        revisionCreatedBy: originalEntry.revisionCreatedBy,
-        revisionSavedBy: currentIdentity,
-        revisionModifiedBy: currentIdentity,
-        revisionFirstPublishedBy: originalEntry.revisionFirstPublishedBy || currentIdentity,
-        revisionLastPublishedBy: currentIdentity
+        revisionCreatedBy: getIdentity(originalEntry.revisionCreatedBy),
+        revisionSavedBy: getIdentity(currentIdentity),
+        revisionModifiedBy: getIdentity(currentIdentity),
+        revisionFirstPublishedBy: getIdentity(
+            originalEntry.revisionFirstPublishedBy,
+            currentIdentity
+        ),
+        revisionLastPublishedBy: getIdentity(currentIdentity)
     };
 
     return { entry };

diff --git a/...ges/api-headless-cms/src/crud/contentEntry/entryDataFactories/createRepublishEntryData.ts b/...ges/api-headless-cms/src/crud/contentEntry/entryDataFactories/createRepublishEntryData.ts
@@ -2,6 +2,7 @@ import { CmsContext, CmsEntry, CmsModel } from "~/types";
 import { referenceFieldsMapping } from "~/crud/contentEntry/referenceFieldsMapping";
 import { STATUS_PUBLISHED } from "./statuses";
 import { SecurityIdentity } from "@webiny/api-security/types";
+import { getIdentity } from "~/utils/identity";
 
 type CreateRepublishEntryDataParams = {
     model: CmsModel;
@@ -37,24 +38,27 @@ export const createRepublishEntryData = async ({
          */
         savedOn: currentDateTime,
         modifiedOn: currentDateTime,
-        savedBy: currentIdentity,
-        modifiedBy: currentIdentity,
+        savedBy: getIdentity(currentIdentity),
+        modifiedBy: getIdentity(currentIdentity),
         firstPublishedOn: originalEntry.firstPublishedOn || currentDateTime,
-        firstPublishedBy: originalEntry.firstPublishedBy || currentIdentity,
+        firstPublishedBy: getIdentity(originalEntry.firstPublishedBy, currentIdentity),
         lastPublishedOn: currentDateTime,
-        lastPublishedBy: currentIdentity,
+        lastPublishedBy: getIdentity(currentIdentity),
 
         /**
          * Revision-level meta fields. 👇
          */
         revisionSavedOn: currentDateTime,
         revisionModifiedOn: currentDateTime,
-        revisionSavedBy: currentIdentity,
-        revisionModifiedBy: currentIdentity,
+        revisionSavedBy: getIdentity(currentIdentity),
+        revisionModifiedBy: getIdentity(currentIdentity),
         revisionFirstPublishedOn: originalEntry.revisionFirstPublishedOn || currentDateTime,
-        revisionFirstPublishedBy: originalEntry.revisionFirstPublishedBy || currentIdentity,
+        revisionFirstPublishedBy: getIdentity(
+            originalEntry.revisionFirstPublishedBy,
+            currentIdentity
+        ),
         revisionLastPublishedOn: currentDateTime,
-        revisionLastPublishedBy: currentIdentity,
+        revisionLastPublishedBy: getIdentity(currentIdentity),
 
         webinyVersion: context.WEBINY_VERSION,
         values

diff --git a/...ges/api-headless-cms/src/crud/contentEntry/entryDataFactories/createUnpublishEntryData.ts b/...ges/api-headless-cms/src/crud/contentEntry/entryDataFactories/createUnpublishEntryData.ts
@@ -1,6 +1,7 @@
 import { CmsContext, CmsEntry, CmsModel } from "~/types";
 import { STATUS_UNPUBLISHED } from "./statuses";
 import { SecurityIdentity } from "@webiny/api-security/types";
+import { getIdentity } from "~/utils/identity";
 
 type CreateRepublishEntryDataParams = {
     model: CmsModel;
@@ -27,16 +28,16 @@ export const createUnpublishEntryData = async ({
          */
         savedOn: currentDateTime,
         modifiedOn: currentDateTime,
-        savedBy: currentIdentity,
-        modifiedBy: currentIdentity,
+        savedBy: getIdentity(currentIdentity),
+        modifiedBy: getIdentity(currentIdentity),
 
         /**
          * Revision-level meta fields. 👇
          */
         revisionSavedOn: currentDateTime,
         revisionModifiedOn: currentDateTime,
-        revisionSavedBy: currentIdentity,
-        revisionModifiedBy: currentIdentity
+        revisionSavedBy: getIdentity(currentIdentity),
+        revisionModifiedBy: getIdentity(currentIdentity)
     };
 
     return { entry };