mbkauthe 4.8.2 → 4.8.3

package/lib/middleware/auth.js

@@ -510,14 +510,14 @@ const checkRolePermission = (requiredRoles, notAllowed) => {
         });
       }
 
+      // Use role from validateSession to avoid additional DB query
+      const userRole = req.userRole;
+
       // SuperAdmin bypasses all role checks
-      if(req.session.role === "SuperAdmin") {
+      if(req.session.role === "SuperAdmin" || userRole === "SuperAdmin") {
         return next();
       }
 
-      // Use role from validateSession to avoid additional DB query
-      const userRole = req.userRole;
-
       // Check notAllowed role
       if (notAllowed && userRole === notAllowed) {
         if (isJsonRequest(req)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mbkauthe",
-  "version": "4.8.2",
+  "version": "4.8.3",
   "description": "MBKTech's reusable authentication system for Node.js applications.",
   "main": "index.js",
   "type": "module",

package/views/pages/2fa.handlebars

@@ -84,6 +84,7 @@
             try {
                 const response = await fetch('/mbkauthe/api/verify-2fa', {
                     method: 'POST',
+                    credentials: 'include',
                     headers: {
                         'Content-Type': 'application/json'
                     },

package/views/pages/loginmbkauthe.handlebars

@@ -287,6 +287,7 @@
             const pageRedirect = new URLSearchParams(window.location.search).get('redirect');
             fetch('/mbkauthe/api/login', {
                 method: 'POST',
+                credentials: 'include',
                 headers: {
                     'Content-Type': 'application/json'
                 },