Guard against prepaid maxRedeemer properties being strings

2025-04-27 06:23:41 -04:00 · 2015-11-10 11:27:46 -08:00 · 2015-11-10 11:27:46 -08:00 · b63daf5a18
commit b63daf5a18
parent 0c5b39e029
2 changed files with 6 additions and 3 deletions
--- a/server/prepaids/Prepaid.coffee
+++ b/server/prepaids/Prepaid.coffee
@ -19,4 +19,7 @@ PrepaidSchema.pre('save', (next) ->
  next()
 )

+PrepaidSchema.post 'init', (doc) ->
+  doc.set('maxRedeemers', parseInt(doc.get('maxRedeemers')))
+
 module.exports = Prepaid = mongoose.model('prepaid', PrepaidSchema)
--- a/server/prepaids/prepaid_handler.coffee
+++ b/server/prepaids/prepaid_handler.coffee
@ -47,7 +47,7 @@ PrepaidHandler = class PrepaidHandler extends Handler
  createPrepaidAPI: (req, res) ->
    return @sendForbiddenError(res) unless @hasAccess(req)
    return @sendForbiddenError(res) unless req.body.type in ['course', 'subscription','terminal_subscription']
-    return @sendForbiddenError(res) unless req.body.maxRedeemers > 0
+    return @sendForbiddenError(res) unless parseInt(req.body.maxRedeemers) > 0

    properties = {}
    type = req.body.type
@ -107,7 +107,7 @@ PrepaidHandler = class PrepaidHandler extends Handler
        creator: user._id
        type: type
        code: code
-        maxRedeemers: maxRedeemers
+        maxRedeemers: parseInt(maxRedeemers)
        properties: properties
        redeemers: []

@ -222,7 +222,7 @@ PrepaidHandler = class PrepaidHandler extends Handler
              creator: user._id
              type: type
              code: code
-              maxRedeemers: maxRedeemers
+              maxRedeemers: parseInt(maxRedeemers)
              redeemers: []
              properties:
                months: months