week-3/04-mongo-with-jwt-auth/solution/middleware/admin.js
week-3/04-mongo-with-jwt-auth/solution/middleware/admin.js
In both the above-mentioned files, the middleware just checks if the token is valid or not. However, it does not distinguish whether the token sent corresponds to a user or an admin. Consequently, a user can potentially access admin features by providing their token, and vice versa.
After token verification, the middleware should additionally validate whether the associated username belongs to an admin. If not, it should send an authentication failed error.
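The check proposed above, as an added sketch that is not part of the issue or the repository's code. It puts a token-only admin middleware beside one that also requires the token's username to be an admin. The secret, the `ADMINS` set (standing in for a database lookup), the 403 status, the minimal HS256 helpers and the `run` harness are all assumptions made so the example runs offline.

```javascript
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret';   // constructed value, not from the repo
const ADMINS = new Set(['alice']);          // stand-in for the admin collection (assumption)

const b64 = (s) => Buffer.from(s).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Minimal HS256 JWT helpers so the example runs offline without a JWT library.
function sign(payload) {
  const body = b64(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) + '.' + b64(JSON.stringify(payload));
  return body + '.' + mac(body);
}
function verify(token) {
  const [h, p, s] = String(token).split('.');
  if (!h || !p || !s) return null;
  const want = Buffer.from(mac(h + '.' + p));
  const got = Buffer.from(s);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  try { return JSON.parse(Buffer.from(p, 'base64url').toString()); } catch { return null; }
}
function claimsFrom(req) {
  const m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
  return m ? verify(m[1]) : null;
}

// Behaviour the issue reports: any validly signed token passes the admin check.
function adminTokenOnly(req, res, next) {
  if (!claimsFrom(req)) return res.status(403).json({ msg: 'Authentication failed' });
  next();
}

// Proposed fix: after verification, the token's username must belong to an admin.
function adminMiddleware(req, res, next) {
  const claims = claimsFrom(req);
  if (!claims || typeof claims.username !== 'string' || !ADMINS.has(claims.username)) {
    return res.status(403).json({ msg: 'Authentication failed' });
  }
  req.username = claims.username;
  next();
}

// Drives a middleware with mock req/res; returns 200 if next() ran, else the status sent.
function run(middleware, token) {
  let code = null;
  const res = { status(c) { code = c; return this; }, json() { return this; } };
  middleware({ headers: { authorization: 'Bearer ' + token } }, res, () => { code = 200; });
  return code;
}
```

The user-side middleware needs the mirror-image check, so that an admin token is not accepted on user routes.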