From 6060d5a6d1de8175a2991a3a35e9bb05eff877a6 Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Fri, 22 May 2020 20:16:44 +0000
Subject: [PATCH]

---
 server/AyaNova/Startup.cs | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/server/AyaNova/Startup.cs b/server/AyaNova/Startup.cs
index 5471d58d..03cba693 100644
--- a/server/AyaNova/Startup.cs
+++ b/server/AyaNova/Startup.cs
@@ -388,7 +388,7 @@ namespace AyaNova
                     }
 
                     //Get the database context
-                    var ct = context.RequestServices.GetService<AyContext>();                   
+                    var ct = context.RequestServices.GetService<AyContext>();
 
                     //get the user record
                     var u = await ct.User.AsNoTracking().Where(a => a.Id == userId).Select(m => new { roles = m.Roles, name = m.Name, id = m.Id, translationId = m.UserOptions.TranslationId, currentAuthToken = m.CurrentAuthToken }).FirstAsync();
@@ -397,8 +397,12 @@ namespace AyaNova
                     context.Request.HttpContext.Items["AY_USER_ID"] = u.id;
                     context.Request.HttpContext.Items["AY_TRANSLATION_ID"] = u.translationId;
 
-                    //CHECK JWT
-                    if (!context.Request.Path.Value.EndsWith("/auth") && u.currentAuthToken != JWT)//except "/api/v8/auth" so user can login
+                    //CHECK JWT 
+                    if (
+                        !context.Request.Path.Value.EndsWith("/auth") &&
+                        !context.Request.Path.Value.EndsWith("notify/hello") &&
+                        u.currentAuthToken != JWT
+                    )//except "/api/v8/auth" and prelogin notify/hello routes so user can login
                     {
                         context.Response.StatusCode = 401;
                         context.Response.Headers.Add("X-AyaNova-Authorization-Error", "E2006 - Authorization token replaced by more recent login");