joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Only allow basic auth credentials with a known appId (#2574)

Browse Source 
* Only allow basic auth credentials with a known appId

* Update middlewares.js

* Updating basic auth tests to use valid appId
This commit is contained in:
Tom J
2016-08-25 10:04:23 -07:00
committed by Florent Vilmart
parent 8eafe45664
commit 2aa14adf87
2 changed files with 28 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/middlewares.js
View File

@@ -31,9 +31,12 @@ export function handleParseHeaders(req, res, next) {
var basicAuth = httpAuth(req);
if (basicAuth) {
info.appId = basicAuth.appId
info.masterKey = basicAuth.masterKey || info.masterKey;
info.javascriptKey = basicAuth.javascriptKey || info.javascriptKey;
var basicAuthAppId = basicAuth.appId;
if (AppCache.get(basicAuthAppId)) {
info.appId = basicAuthAppId;
info.masterKey = basicAuth.masterKey || info.masterKey;
info.javascriptKey = basicAuth.javascriptKey || info.javascriptKey;
}
}
if (req.body) {