From 172356981683d59ed7b57d33911dc9d96b7e5f65 Mon Sep 17 00:00:00 2001
From: Baptiste Buvron
Date: Thu, 22 Jun 2023 13:08:48 +0200
Subject: [PATCH] fix security check
---
 app/passport/passportFunctions.ts | 2 +-
 app/routes/MainRouter.ts | 6 +++---
 app/routes/OfferRouter.ts | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/app/passport/passportFunctions.ts b/app/passport/passportFunctions.ts
index 53cddc7..cd83ad5 100644
--- a/app/passport/passportFunctions.ts
+++ b/app/passport/passportFunctions.ts
@@ -97,7 +97,7 @@ function loggedIn() {
 next();
 } else {
 let message = "Vous n'ĂȘtes pas connectĂ©";
- res.redirect(`/login?message=${message}`, {title: "Connexion"});
+ res.redirect(`/login?message=${message}`);
 }
 };
 }
diff --git a/app/routes/MainRouter.ts b/app/routes/MainRouter.ts
index 99aecf4..54f2038 100644
--- a/app/routes/MainRouter.ts
+++ b/app/routes/MainRouter.ts
@@ -7,7 +7,7 @@ import {createCSRFToken} from "../middlewares/CSRFMiddlewares";
 const {v4: uuidv4} = require("uuid");
 const session = require("express-session");
 const FileStore = require("session-file-store")(session);
-const {passport, checkRole} = require("../passport/passportFunctions");
+const {passport, checkRole, checkRoleTwoProfile} = require("../passport/passportFunctions");
 export const defaultRouter = Router();
@@ -60,8 +60,8 @@ defaultRouter.post("/canditature/:numero", checkRole("Candidat"), upload.fields(
 {name: 'cv', maxCount: 1},
 {name: 'lettre', maxCount: 1}
 ]), CandidatureController.candidater);
-defaultRouter.get("/candidature/:email/:numero", CandidatureController.candidature);
-defaultRouter.get("/download/:id", CandidatureController.getFile);
+defaultRouter.get("/candidature/:email/:numero", checkRoleTwoProfile("Candidat", "Recruteur"), CandidatureController.candidature);
+defaultRouter.get("/download/:id", checkRoleTwoProfile("Candidat", "Recruteur"), CandidatureController.getFile);
 defaultRouter.post(
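Review bot: The added `res.redirect` line still interpolates `message` into the query string unencoded, so the non-ASCII text (and any future message containing `&`, `#` or `%`) produces a malformed or truncated URL; use `res.redirect(`/login?message=${encodeURIComponent(message)}`);`. Dropping the `{title: "Connexion"}` argument is correct, since `res.redirect` accepts an optional status code, not view locals, but the login page presumably renders `req.query.message`, so confirm it is output through an escaping template expression and not as raw HTML — otherwise anyone can hand out a `/login?message=...` link that injects content into the login page. `message` is never reassigned and should be `const`. The `loggedIn()` middleware factory begins before this hunk.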
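Review bot: The new `checkRoleTwoProfile("Candidat", "Recruteur")` guard on `/candidature/:email/:numero` and `/download/:id` only checks that the caller holds one of the two roles; it does not bind the request to the caller's own data, so any logged-in candidate can still read another candidate's application by putting that person's email in the URL, and any recruiter can read applications to offers they do not own, unless `CandidatureController.candidature` and `getFile` enforce ownership themselves (not visible here). At minimum the candidate branch should compare the session identity with the path, e.g. `if (req.user.role === "Candidat" && req.user.email !== req.params.email) return res.sendStatus(403);`, and the recruiter branch should verify that offer `:numero` (and the candidature that `:id` belongs to) is theirs — better still, take the email from the session and drop it from the URL. The `req.user` field names are inferred from the passport setup; confirm them against the deserializer. This hunk appears cut off after `defaultRouter.post(`, so its trailing context is not visible.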
diff --git a/app/routes/OfferRouter.ts b/app/routes/OfferRouter.ts
index 13b339e..49a4ed1 100644
--- a/app/routes/OfferRouter.ts
+++ b/app/routes/OfferRouter.ts
@@ -8,4 +8,4 @@ offerRouter.use(passport.initialize());
 offerRouter.use(passport.session());
 offerRouter.get("/creation", checkRole("Recruteur"), OfferController.creation);
 offerRouter.post("/creation", checkRole("Recruteur"), OfferController.creation);
-offerRouter.get("/:numero", OfferController.offre);
+offerRouter.get("/:numero", loggedIn(), OfferController.offre);
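Review bot: The added `loggedIn()` call depends on `loggedIn` being in scope in OfferRouter.ts, yet this patch touches no import line in that file (diffstat: one insertion, one deletion), whereas the MainRouter hunk had to extend its `require("../passport/passportFunctions")` destructuring for its new middleware; confirm `loggedIn` is already destructured here and exported from passportFunctions, otherwise the module throws `ReferenceError` at load time. If it is missing, the fix is one line outside this hunk: `const {passport, checkRole, loggedIn} = require("../passport/passportFunctions");`. Note also that `loggedIn()` only proves a session exists, so if `OfferController.offre` exposes anything recruiter-only it needs `checkRole("Recruteur")` like the `/creation` routes above it.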