From a009406b466d45f873072d68e8d9061add2cad25 Mon Sep 17 00:00:00 2001
From: adrians5j
Date: Mon, 29 Jan 2024 14:55:57 +0100
Subject: [PATCH] fix: sanitize identity-related fields in publishing-related entry factories

---
 .../createPublishEntryData.ts | 24 +++++++++++--------
 .../createRepublishEntryData.ts | 20 +++++++++-------
 .../createUnpublishEntryData.ts | 9 +++----
 3 files changed, 31 insertions(+), 22 deletions(-)

diff --git a/packages/api-headless-cms/src/crud/contentEntry/entryDataFactories/createPublishEntryData.ts b/packages/api-headless-cms/src/crud/contentEntry/entryDataFactories/createPublishEntryData.ts
index 5d9a8f86f1d..458d7f2115b 100644
--- a/packages/api-headless-cms/src/crud/contentEntry/entryDataFactories/createPublishEntryData.ts
+++ b/packages/api-headless-cms/src/crud/contentEntry/entryDataFactories/createPublishEntryData.ts
@@ -2,6 +2,7 @@ import { CmsContext, CmsEntry, CmsModel } from "~/types";
 import { STATUS_PUBLISHED } from "./statuses";
 import { SecurityIdentity } from "@webiny/api-security/types";
 import { validateModelEntryDataOrThrow } from "~/crud/contentEntry/entryDataValidation";
+import { getIdentity } from "~/utils/identity";
 
 type CreatePublishEntryDataParams = {
 model: CmsModel;
@@ -43,11 +44,11 @@ export const createPublishEntryData = async ({
 savedOn: currentDateTime,
 firstPublishedOn: latestEntry.firstPublishedOn || currentDateTime,
 lastPublishedOn: currentDateTime,
- createdBy: latestEntry.createdBy,
- modifiedBy: currentIdentity,
- savedBy: currentIdentity,
- firstPublishedBy: latestEntry.firstPublishedBy || currentIdentity,
- lastPublishedBy: currentIdentity,
+ createdBy: getIdentity(latestEntry.createdBy),
+ modifiedBy: getIdentity(currentIdentity),
+ savedBy: getIdentity(currentIdentity),
+ firstPublishedBy: getIdentity(latestEntry.firstPublishedBy, currentIdentity),
+ lastPublishedBy: getIdentity(currentIdentity),
 
 /**
 * Revision-level meta fields. 👇
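Review bot: `firstPublishedBy: getIdentity(latestEntry.firstPublishedBy, currentIdentity)` in the `-43,11` hunk of createPublishEntryData.ts replaces an `||` fallback with a two-argument call whose fallback rule is not visible in this patch; the same applies to `revisionFirstPublishedBy` in the `-57,11` hunk and to both fields in createRepublishEntryData.ts. `getIdentity` is imported from `~/utils/identity` and not shown, so it is worth confirming that it falls back under the same conditions `||` did and that the fallback value is sanitized as well. `createdBy: getIdentity(latestEntry.createdBy)` now also depends on what the helper returns for a stored value that is missing or incomplete, where it was previously copied through unchanged. A unit test asserting that an identity object carrying extra properties is persisted with only the expected fields would pin the behaviour the commit title describes. The enclosing object literal starts outside the hunk.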
@@ -57,11 +58,14 @@ export const createPublishEntryData = async ({
 revisionModifiedOn: currentDateTime,
 revisionFirstPublishedOn: originalEntry.revisionFirstPublishedOn || currentDateTime,
 revisionLastPublishedOn: currentDateTime,
- revisionCreatedBy: originalEntry.revisionCreatedBy,
- revisionSavedBy: currentIdentity,
- revisionModifiedBy: currentIdentity,
- revisionFirstPublishedBy: originalEntry.revisionFirstPublishedBy || currentIdentity,
- revisionLastPublishedBy: currentIdentity
+ revisionCreatedBy: getIdentity(originalEntry.revisionCreatedBy),
+ revisionSavedBy: getIdentity(currentIdentity),
+ revisionModifiedBy: getIdentity(currentIdentity),
+ revisionFirstPublishedBy: getIdentity(
+ originalEntry.revisionFirstPublishedBy,
+ currentIdentity
+ ),
+ revisionLastPublishedBy: getIdentity(currentIdentity)
 };
 
 return { entry };
diff --git a/packages/api-headless-cms/src/crud/contentEntry/entryDataFactories/createRepublishEntryData.ts b/packages/api-headless-cms/src/crud/contentEntry/entryDataFactories/createRepublishEntryData.ts
index cf28c1bb458..77925a85289 100644
--- a/packages/api-headless-cms/src/crud/contentEntry/entryDataFactories/createRepublishEntryData.ts
+++ b/packages/api-headless-cms/src/crud/contentEntry/entryDataFactories/createRepublishEntryData.ts
@@ -2,6 +2,7 @@ import { CmsContext, CmsEntry, CmsModel } from "~/types";
 import { referenceFieldsMapping } from "~/crud/contentEntry/referenceFieldsMapping";
 import { STATUS_PUBLISHED } from "./statuses";
 import { SecurityIdentity } from "@webiny/api-security/types";
+import { getIdentity } from "~/utils/identity";
 
 type CreateRepublishEntryDataParams = {
 model: CmsModel;
@@ -37,24 +38,27 @@ export const createRepublishEntryData = async ({
 */
 savedOn: currentDateTime,
 modifiedOn: currentDateTime,
- savedBy: currentIdentity,
- modifiedBy: currentIdentity,
+ savedBy: getIdentity(currentIdentity),
+ modifiedBy: getIdentity(currentIdentity),
 firstPublishedOn: originalEntry.firstPublishedOn || currentDateTime,
- firstPublishedBy: originalEntry.firstPublishedBy || currentIdentity,
+ firstPublishedBy: getIdentity(originalEntry.firstPublishedBy, currentIdentity),
 lastPublishedOn: currentDateTime,
- lastPublishedBy: currentIdentity,
+ lastPublishedBy: getIdentity(currentIdentity),
 
 /**
 * Revision-level meta fields. 👇
 */
 revisionSavedOn: currentDateTime,
 revisionModifiedOn: currentDateTime,
- revisionSavedBy: currentIdentity,
- revisionModifiedBy: currentIdentity,
+ revisionSavedBy: getIdentity(currentIdentity),
+ revisionModifiedBy: getIdentity(currentIdentity),
 revisionFirstPublishedOn: originalEntry.revisionFirstPublishedOn || currentDateTime,
- revisionFirstPublishedBy: originalEntry.revisionFirstPublishedBy || currentIdentity,
+ revisionFirstPublishedBy: getIdentity(
+ originalEntry.revisionFirstPublishedBy,
+ currentIdentity
+ ),
 revisionLastPublishedOn: currentDateTime,
- revisionLastPublishedBy: currentIdentity,
+ revisionLastPublishedBy: getIdentity(currentIdentity),
 
 webinyVersion: context.WEBINY_VERSION,
 values
diff --git a/packages/api-headless-cms/src/crud/contentEntry/entryDataFactories/createUnpublishEntryData.ts b/packages/api-headless-cms/src/crud/contentEntry/entryDataFactories/createUnpublishEntryData.ts
index b9202e6e2cd..3d7751adafb 100644
--- a/packages/api-headless-cms/src/crud/contentEntry/entryDataFactories/createUnpublishEntryData.ts
+++ b/packages/api-headless-cms/src/crud/contentEntry/entryDataFactories/createUnpublishEntryData.ts
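Review bot: No line in the `-37,24` hunk of createRepublishEntryData.ts sets `createdBy` or `revisionCreatedBy`, whereas createPublishEntryData.ts wraps both in `getIdentity`. The object literal starts before the hunk, so if those fields are carried over from `originalEntry` there, an entry stored before this fix would keep any extra identity properties through a republish. The same question applies to the `-27,16` hunk of createUnpublishEntryData.ts, which rewrites only the saved/modified fields and leaves the created and published identities as stored. Consider adding `createdBy: getIdentity(originalEntry.createdBy),` and `revisionCreatedBy: getIdentity(originalEntry.revisionCreatedBy),` here, or a comment stating why the stored values are trusted as-is.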
@@ -1,6 +1,7 @@
 import { CmsContext, CmsEntry, CmsModel } from "~/types";
 import { STATUS_UNPUBLISHED } from "./statuses";
 import { SecurityIdentity } from "@webiny/api-security/types";
+import { getIdentity } from "~/utils/identity";
 
 type CreateRepublishEntryDataParams = {
 model: CmsModel;
@@ -27,16 +28,16 @@ export const createUnpublishEntryData = async ({
 */
 savedOn: currentDateTime,
 modifiedOn: currentDateTime,
- savedBy: currentIdentity,
- modifiedBy: currentIdentity,
+ savedBy: getIdentity(currentIdentity),
+ modifiedBy: getIdentity(currentIdentity),
 
 /**
 * Revision-level meta fields. 👇
 */
 revisionSavedOn: currentDateTime,
 revisionModifiedOn: currentDateTime,
- revisionSavedBy: currentIdentity,
- revisionModifiedBy: currentIdentity
+ revisionSavedBy: getIdentity(currentIdentity),
+ revisionModifiedBy: getIdentity(currentIdentity)
 };
 
 return { entry };