X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Froutes%2Fusers.js;h=38c5d744e46dc64cc7ea071050c9e17c3061c2c5;hb=d984579275749c77309722664f7def93066b2096;hp=7d886b2cc579676d47c0b8a629a055d1dc6419da;hpb=58aedcd1f49272a6f0dfb7adeeb7650d7daeb75e;p=vchess.git

diff --git a/server/routes/users.js b/server/routes/users.js
index 7d886b2c..38c5d744 100644
--- a/server/routes/users.js
+++ b/server/routes/users.js
@@ -48,7 +48,7 @@ router.post('/register', access.unlogged, access.ajax, (req,res) => {
           name: name,
           email: email
         };
-        setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
+        setAndSendLoginToken("Welcome to " + params.siteURL, user);
         res.json({});
       }
     });
@@ -83,7 +83,7 @@ router.get("/whoami", access.ajax, (req,res) => {
 router.get("/users", access.ajax, (req,res) => {
   const ids = req.query["ids"];
   // NOTE: slightly too permissive RegExp
-  if (ids.match(/^([0-9]+,?)+$/)) {
+  if (!!ids && !!ids.match(/^([0-9]+,?)+$/)) {
     UserModel.getByIds(ids, (err, users) => {
       res.json({ users: users });
     });
@@ -108,7 +108,7 @@ router.put('/update', access.logged, access.ajax, (req,res) => {
 // Authentication-related methods:
 
 // to: object user (to who we send an email)
-function setAndSendLoginToken(subject, to, res) {
+function setAndSendLoginToken(subject, to) {
   // Set login token and send welcome(back) email with auth link
   const token = genToken(params.token.length);
   UserModel.setLoginToken(token, to.id);
@@ -128,7 +128,7 @@ router.get('/sendtoken', access.unlogged, access.ajax, (req,res) => {
   if (UserModel.checkNameEmail({ [type]: nameOrEmail })) {
     UserModel.getOne(type, nameOrEmail, (err,user) => {
       access.checkRequest(res, err, user, "Unknown user", () => {
-        setAndSendLoginToken("Token for " + params.siteURL, user, res);
+        setAndSendLoginToken("Token for " + params.siteURL, user);
         res.json({});
       });
     });