Move skip password verification logic to accesscontrol.js

This commit is contained in:
Girish Ramakrishnan
2018-06-17 15:17:39 -07:00
parent c3631350cf
commit db8b6838bb
2 changed files with 6 additions and 4 deletions

View File

@@ -121,8 +121,7 @@ function remove(req, res, next) {
function verifyPassword(req, res, next) {
assert.strictEqual(typeof req.body, 'object');
// using an 'sdk' token we skip password checks
if (req.authInfo.clientId === 'cid-sdk' || req.authInfo.clientId === 'cid-cli') return next();
if (req.authInfo.skipPasswordVerification) return next(); // using an 'sdk' token we skip password checks
if (typeof req.body.password !== 'string') return next(new HttpError(400, 'API call requires user password'));