joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Only allow basic auth credentials with a known appId (#2574)

Browse Source 
* Only allow basic auth credentials with a known appId

* Update middlewares.js

* Updating basic auth tests to use valid appId
This commit is contained in:
Tom J
2016-08-25 10:04:23 -07:00
committed by Florent Vilmart
parent 8eafe45664
commit 2aa14adf87
2 changed files with 28 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
spec/index.spec.js
View File

@@ -26,6 +26,7 @@ describe('server', () => {
}); });
it('support http basic authentication with masterkey', done => { it('support http basic authentication with masterkey', done => {
reconfigureServer({ appId: 'test' }).then(() => {
request.get({ request.get({
url: 'http://localhost:8378/1/classes/TestObject', url: 'http://localhost:8378/1/classes/TestObject',
headers: { headers: {
@@ -35,9 +36,11 @@ describe('server', () => {
expect(response.statusCode).toEqual(200); expect(response.statusCode).toEqual(200);
done(); done();
}); });
})
}); });
it('support http basic authentication with javascriptKey', done => { it('support http basic authentication with javascriptKey', done => {
reconfigureServer({ appId: 'test' }).then(() => {
request.get({ request.get({
url: 'http://localhost:8378/1/classes/TestObject', url: 'http://localhost:8378/1/classes/TestObject',
headers: { headers: {
@@ -47,6 +50,7 @@ describe('server', () => {
expect(response.statusCode).toEqual(200); expect(response.statusCode).toEqual(200);
done(); done();
}); });
})
}); });
it('fails if database is unreachable', done => { it('fails if database is unreachable', done => {

5
src/middlewares.js
View File

@@ -31,10 +31,13 @@ export function handleParseHeaders(req, res, next) {
var basicAuth = httpAuth(req); var basicAuth = httpAuth(req);
if (basicAuth) { if (basicAuth) {
info.appId = basicAuth.appId var basicAuthAppId = basicAuth.appId;
if (AppCache.get(basicAuthAppId)) {
info.appId = basicAuthAppId;
info.masterKey = basicAuth.masterKey || info.masterKey; info.masterKey = basicAuth.masterKey || info.masterKey;
info.javascriptKey = basicAuth.javascriptKey || info.javascriptKey; info.javascriptKey = basicAuth.javascriptKey || info.javascriptKey;
} }
}
if (req.body) { if (req.body) {
// Unity SDK sends a _noBody key which needs to be removed. // Unity SDK sends a _noBody key which needs to be removed.