Overwrite activeRole cookie when it's not contained in allowed role…

…s list (#1131) overwrite `activeRole` cookie when it's not contained in allowed roles
NASA-AMMOS · Feb 26, 2024 · 22900e6 · 22900e6
1 parent e1ffda3
commit 22900e6
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/hooks.server.ts b/src/hooks.server.ts
@@ -100,8 +100,8 @@ const handleSSOAuth: Handle = async ({ event, resolve }) => {
       event.cookies.set('user', userCookie, cookieOpts);
     }
 
-    // don't overwrite existing activeRole
-    if (!activeRoleCookie || activeRoleCookie === 'deleted') {
+    // don't overwrite existing activeRole, unless it doesn't exist anymore
+    if (!activeRoleCookie || activeRoleCookie === 'deleted' || !roles.allowedRoles.includes(activeRoleCookie)) {
       event.cookies.set('activeRole', roles.defaultRole, cookieOpts);
     }
   }