Patched Team Join Impersonation bug

EnderHubris · EnderHubris · commit 5ee9609af859 · 2025-06-12T23:45:55.000-04:00
diff --git a/src/backend/db.js b/src/backend/db.js
@@ -890,6 +890,21 @@ async function SendTeamRequest(sender, team_name) {
     // in the database or if it is a new join-request
     const teamRecord = await TeamCollection.findOne({ name: team_name });
     if (teamRecord) {
+        // check if the sender is already inclueded in the team profile based on team_name
+        const userRecord = await UserCollection.findOne({ username: sender });
+        if (userRecord) {
+            if (userRecord.team_id === teamRecord._id.toString()) {
+                return {
+                    "message": "Could not send request, try again!"
+                };
+            }
+        } else {
+            // user not found
+            return {
+                "message": "Could not send request, try again!"
+            };
+        }
+
         // if the team already has 3 members we need to drop
         // this join-request due to the team being full
         if (teamRecord.members.length === 3) {
@@ -909,7 +924,6 @@ async function SendTeamRequest(sender, team_name) {
         if (requestObject === null) {
             // pull the users _id from the sender variable so if they
             // change their username we maintain data-connection
-            const userRecord = await UserCollection.findOne({ username: sender });
             if (userRecord) {
                 /*
                     sender_id: String, // '_id'
diff --git a/src/backend/server.js b/src/backend/server.js
@@ -366,7 +366,7 @@ app.post('/team/request', async (req, res) => {
     const validJWT = await DecodeJWT(res, token);
 
     if (validJWT) {
-        const teamRequest = await SendTeamRequest(data.sender, data.team_name);
+        const teamRequest = await SendTeamRequest(validJWT.username, data.team_name);
         return res.json(teamRequest);
     } else {
         return res.json(null);
diff --git a/src/pages/team.js b/src/pages/team.js
@@ -88,7 +88,6 @@ const Team = () => {
             "Content-Type": "application/json"
         },
         body: JSON.stringify({
-          "sender": profileData.username,
           "team_name": reqTeamName
         }),
         credentials: 'include'  // ensures cookies are sent
