From 777176f22b341423ac9ccbaac4b38a4a308e84c7 Mon Sep 17 00:00:00 2001
From: mboudet
Date: Fri, 10 Jan 2025 16:01:37 +0100
Subject: [PATCH 1/4] Update users.js
---
 routes/users.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/routes/users.js b/routes/users.js
index b8d04e60b..2ee2b0f1f 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -193,8 +193,8 @@ router.put('/user/:id/subscribe', async function(req, res) {
 let isadmin = false;
 try {
- let user = await dbsrv.mongo_users().findOne({ _id: req.locals.logInfo.id });
- isadmin = await rolsrv.is_admin(user);
+ let session_user = await dbsrv.mongo_users().findOne({ _id: req.locals.logInfo.id });
+ isadmin = await rolsrv.is_admin(session_user);
 } catch (e) {
 logger.error(e);
 res.status(404).send({ message: 'User session not found' });
@@ -202,7 +202,7 @@ router.put('/user/:id/subscribe', async function(req, res) {
 }
 // if not user nor admin
- if (req.locals.logInfo.id !== req.params.id && !isadmin) {
+ if (session_user.uid !== req.params.id && !isadmin) {
 res.status(401).send({ message: 'Not authorized' });
 return;
 }
@@ -232,8 +232,8 @@ router.put('/user/:id/unsubscribe', async function(req, res) {
 let isadmin = false;
 try {
- let user = await dbsrv.mongo_users().findOne({ _id: req.locals.logInfo.id });
- isadmin = await rolsrv.is_admin(user);
+ let session_user = await dbsrv.mongo_users().findOne({ _id: req.locals.logInfo.id });
+ isadmin = await rolsrv.is_admin(session_user);
 } catch (e) {
 logger.error(e);
 res.status(404).send({ message: 'User session not found' });
@@ -241,7 +241,7 @@ router.put('/user/:id/unsubscribe', async function(req, res) {
 }
 // if not user nor admin
- if (req.locals.logInfo.id !== req.params.id && !isadmin) {
+ if (session_user.uid !== req.params.id && !isadmin) {
 res.status(401).send({ message: 'Not authorized' });
 return;
 }
From 42f40b3da5b727d19456af69a4f2ac4ea486783d Mon Sep 17 00:00:00 2001
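Review bot: The new ownership check in the hunk at -202 reads `session_user.uid` outside the try block without testing for `null`. Assuming `mongo_users()` returns a MongoDB driver collection, `findOne` resolves to `null` when no document matches instead of throwing, so a session that points at a deleted account would raise a TypeError in this async handler rather than reach the 404 in the catch branch; whether `rolsrv.is_admin` rejects `null` first is not visible here. A guard placed before the comparison, `if (!session_user) { res.status(404).send({ message: 'User session not found' }); return; }`, keeps the path fail-closed with a defined response. The unsubscribe check in the hunk at -241 needs the same guard. Because the check now compares `uid` with `req.params.id`, the remainder of both handlers, which lies outside these hunks, should select the target account by that same field so the check and the update refer to one account.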
From: mboudet
Date: Fri, 10 Jan 2025 16:02:13 +0100
Subject: [PATCH 2/4] Update CHANGELOG.md
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index be3a78be5..9b5bc091c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
 ## 1.4.32 (Unreleased)
+* Fix error when subscribing / unsubscribing to email
 * Clearer error message when adding a website
 * Add User, Project and Group static classes to front end (refactor)
 * Add checks for website owner update
From a5159403d684ffa301a19f1a3c83718b90fc1ec8 Mon Sep 17 00:00:00 2001
From: mboudet
Date: Fri, 10 Jan 2025 16:07:38 +0100
Subject: [PATCH 3/4] Update users.js
---
 routes/users.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/routes/users.js b/routes/users.js
index 2ee2b0f1f..94bf2bf43 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -191,9 +191,10 @@ router.put('/user/:id/subscribe', async function(req, res) {
 return;
 }
+ let session_user = null;
 let isadmin = false;
 try {
- let session_user = await dbsrv.mongo_users().findOne({ _id: req.locals.logInfo.id });
+ session_user = await dbsrv.mongo_users().findOne({ _id: req.locals.logInfo.id });
 isadmin = await rolsrv.is_admin(session_user);
 } catch (e) {
 logger.error(e);
@@ -230,9 +231,10 @@ router.put('/user/:id/unsubscribe', async function(req, res) {
 return;
 }
+ let session_user = null;
 let isadmin = false;
 try {
- let session_user = await dbsrv.mongo_users().findOne({ _id: req.locals.logInfo.id });
+ let user = await dbsrv.mongo_users().findOne({ _id: req.locals.logInfo.id });
 isadmin = await rolsrv.is_admin(session_user);
 } catch (e) {
 logger.error(e);
From 98af278d44e4a9b5a5d1682bd6afb71ff6187423 Mon Sep 17 00:00:00 2001
From: mboudet
Date: Fri, 10 Jan 2025 16:09:51 +0100
Subject: [PATCH 4/4] Update users.js
---
 routes/users.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/routes/users.js b/routes/users.js
index 94bf2bf43..59f372223 100644
--- a/routes/users.js
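Review bot: The session lookup and admin test are kept as two hand-copied blocks, and in patch 3/4 the unsubscribe hunk at -230 already diverges from the subscribe hunk at -191 by assigning the lookup result to a new `let user`, which leaves `session_user` at `null` when `rolsrv.is_admin(session_user)` runs. Patch 4/4 corrects that line, but the duplication that allowed the drift remains in both handlers. A single helper called from both would keep the two authorization paths identical and give one place to reject a `null` result from `findOne`. Both handlers begin and end outside these hunks, so the call site is shown only as a comment.

```javascript
// Resolve the logged-in account once for both subscribe and unsubscribe.
async function get_session_user(req) {
    const session_user = await dbsrv.mongo_users().findOne({ _id: req.locals.logInfo.id });
    if (!session_user) {
        // a lookup that matches nothing is treated as a missing session
        throw new Error('User session not found');
    }
    return { session_user, isadmin: await rolsrv.is_admin(session_user) };
}

// in each handler, replacing the two statements inside the try block:
//     ({ session_user, isadmin } = await get_session_user(req));
// … unchanged: catch branch and ownership check …
```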
+++ b/routes/users.js
@@ -234,7 +234,7 @@ router.put('/user/:id/unsubscribe', async function(req, res) {
 let session_user = null;
 let isadmin = false;
 try {
- let user = await dbsrv.mongo_users().findOne({ _id: req.locals.logInfo.id });
+ session_user = await dbsrv.mongo_users().findOne({ _id: req.locals.logInfo.id });
 isadmin = await rolsrv.is_admin(session_user);
 } catch (e) {
 logger.error(e);