From 34f9abbb1c308f648b13626c83b5357fa1c377b1 Mon Sep 17 00:00:00 2001
From: Pierre HUBERT
Date: Thu, 18 Jun 2020 13:16:36 +0200
Subject: [PATCH] Fix security issue
---
 src/controllers/ConversationsController.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/controllers/ConversationsController.ts b/src/controllers/ConversationsController.ts
index 983f492..d5a10e3 100644
--- a/src/controllers/ConversationsController.ts
+++ b/src/controllers/ConversationsController.ts
@@ -181,7 +181,7 @@ export class ConversationsController {
 // Check for new conversations
 if(h.hasPostParameter("newConversations")) {
 for(const convID of h.postNumbersSet("newConversations", 0)) {
- if(!ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
+ if(!await ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
 h.error(401, "You are not allowed to fetch the messages of this conversation ("+convID+")!");
 list["conversation-" + convID] = (await ConversationsHelper.GetLastMessages(convID, 10))
@@ -211,7 +211,7 @@ export class ConversationsController {
 const lastMessageID = Number.parseInt(element.last_message_id);
 // Check user rights
- if(!ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
+ if(!await ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
 h.error(401, "You are not allowed to fetch the messages of this conversation ("+convID+")!");
 // Get the messages
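Review bot: Both guarded call sites (the `newConversations` loop in the first hunk and the `Check user rights` block in the second) still rely on `h.error(401, …)` aborting the request, because no `return` or `continue` follows it and the next statement fetches the messages. The definition of `h.error` is not visible here, so either confirm that it throws or make the exit explicit, e.g. `{ h.error(401, "..."); return; }`; otherwise a non-member would still reach `GetLastMessages` even with the `await` in place. Since the original condition tested a Promise directly (always truthy, so the `!` branch could never run), enabling `@typescript-eslint/no-misused-promises` would catch any other un-awaited permission checks of this shape, and a test requesting a conversation the caller does not belong to would pin the fix. Both enclosing methods start and end outside the hunks.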