@86d-app/reviews 0.0.21 → 0.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/store/endpoints/submit-review.ts +3 -3
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@86d-app/reviews",
3
- "version": "0.0.21",
3
+ "version": "0.0.22",
4
4
  "description": "Product reviews and ratings module for 86d commerce platform",
5
5
  "keywords": [
6
6
  "commerce",
package/src/store/endpoints/submit-review.ts CHANGED
@@ -38,9 +38,9 @@ export const submitReview = createStoreEndpoint(
38
38
  }
39
39
  }
40
40
 
41
- // Use session email when authenticated to prevent spoofing
42
- const authorEmail = customerId
43
- ? (ctx.context.session?.user.email ?? ctx.body.authorEmail)
41
+ // Authenticated users must use session email never fall back to body
42
+ const authorEmail = ctx.context.session
43
+ ? ctx.context.session.user.email
44
44
  : ctx.body.authorEmail;
45
45
 
46
46
  const review = await controller.createReview({