Merge branch 'login-hotfix' into 'develop'

fix(login): update authsome mode to fix login issue

See merge request !193

packages/xpub-faraday/config/authsome-mode.js

@@ -5,7 +5,7 @@ const { get, pickBy, last, has, pick } = require('lodash')
 const statuses = config.get('statuses')
 const helpers = require('./authsome-helpers')
 
-function unauthenticatedUser(operation, object) {
+function unauthenticatedUser(operation, object, userId) {
   // Public/unauthenticated users can GET /collections, filtered by 'published'
   if (operation === 'GET' && object && object.path === '/collections') {
     return {
@@ -17,8 +17,7 @@ function unauthenticatedUser(operation, object) {
   // Public/unauthenticated users can GET /collections/:id/fragments, filtered by 'published'
   if (
     operation === 'GET' &&
-    object &&
-    object.path === '/collections/:id/fragments'
+    get(object, 'path') === '/collections/:id/fragments'
   ) {
     return {
       filter: fragments => fragments.filter(fragment => fragment.published),
@@ -54,6 +53,16 @@ function unauthenticatedUser(operation, object) {
       return true
     }
   }
+
+  // allow users to authenticate
+  if (
+    operation === 'POST' &&
+    get(object, 'type') === 'user' &&
+    get(object, 'id') === userId
+  ) {
+    return true
+  }
+
   return false
 }
 
@@ -276,7 +285,7 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
 
   // If no individual permissions exist (above), fallback to unauthenticated
   // user's permission
-  return unauthenticatedUser(operation, object)
+  return unauthenticatedUser(operation, object, user.id)
 }
 
 async function applyEditorInChiefPolicy(user, operation, object, context) {
@@ -337,7 +346,7 @@ const authsomeMode = async (userId, operation, object, context) => {
   }
 
   if (!userId) {
-    return unauthenticatedUser(operation, object)
+    return unauthenticatedUser(operation, object, userId)
   }
 
   // It's up to us to retrieve the relevant models for our