```js
mw.onlySecretariat,
mw.validateUser,
parseError,
parsePostParams,
controller.CREATE_ORG
```
the middleware is in an unexpected order (checking for Secretariat role before authentication). Here, isSecretariatByShortName will be called on any string in the CVE-API-ORG HTTP request header, even if the organization does not exist. Then, org.authority.includes('SECRETARIAT') is called on the null result, leading to TypeError.
cve-services/src/controller/registry-org.controller/index.js
Lines 215 to 219 in 0e528de
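The failure described above, reduced to a stand-alone Node.js sketch beside one hardened ordering. This is an added example, not code from cve-services: the in-memory org store, the `cve-api-key` header name, the helper names and the status codes are assumptions made for illustration.

```javascript
// Constructed org store (assumption); the real service looks orgs up in a database.
const ORGS = new Map([
  ['mitre', { authority: ['SECRETARIAT'], key: 'k1' }],
  ['acme', { authority: ['CNA'], key: 'k2' }],
]);
const findOrg = (shortName) => ORGS.get(shortName) ?? null;

// Behaviour described in the issue: the lookup result is used without a null check.
function isSecretariatUnchecked(shortName) {
  const org = findOrg(shortName);
  return org.authority.includes('SECRETARIAT'); // TypeError when org is null
}

// Hardened check: an unknown org is simply not Secretariat.
function isSecretariatChecked(shortName) {
  const org = findOrg(shortName);
  return org !== null && Array.isArray(org.authority) &&
    org.authority.includes('SECRETARIAT');
}

// Authentication (toy comparison): the org must exist and the key must match.
function validateUser(req) {
  const org = findOrg(req.headers['cve-api-org']);
  return org !== null && org.key === req.headers['cve-api-key'] ? null : 401;
}

// Authorization middleware built around whichever role check is under test.
const onlySecretariat = (check) => (req) =>
  check(req.headers['cve-api-org']) ? null : 403;

// Run middleware in order: first non-null status wins, an exception becomes 500.
function handle(chain, req) {
  try {
    for (const mw of chain) {
      const status = mw(req);
      if (status !== null) return status;
    }
    return 200;
  } catch (err) {
    return 500;
  }
}

const asReported = [onlySecretariat(isSecretariatUnchecked), validateUser];
const hardened = [validateUser, onlySecretariat(isSecretariatChecked)];
const unknownOrg = { headers: { 'cve-api-org': 'no-such-org', 'cve-api-key': 'x' } };

console.log(handle(asReported, unknownOrg)); // 500
console.log(handle(hardened, unknownOrg));   // 401
```

With authentication first and a null-safe role check, a request naming a nonexistent organization is rejected as unauthenticated instead of surfacing as an unhandled exception.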