Only allow basic auth credentials with a known appId (#2574)

* Only allow basic auth credentials with a known appId

* Update middlewares.js

* Updating basic auth tests to use valid appId
Tom J
2016-08-25 10:04:23 -07:00
committed by Florent Vilmart
parent 8eafe45664
commit 2aa14adf87
2 changed files with 28 additions and 21 deletions


@@ -26,27 +26,31 @@ describe('server', () => {
}); });
it('support http basic authentication with masterkey', done => { it('support http basic authentication with masterkey', done => {
request.get({ reconfigureServer({ appId: 'test' }).then(() => {
url: 'http://localhost:8378/1/classes/TestObject', request.get({
headers: { url: 'http://localhost:8378/1/classes/TestObject',
'Authorization': 'Basic ' + new Buffer('test:' + 'test').toString('base64') headers: {
} 'Authorization': 'Basic ' + new Buffer('test:' + 'test').toString('base64')
}, (error, response, body) => { }
expect(response.statusCode).toEqual(200); }, (error, response, body) => {
done(); expect(response.statusCode).toEqual(200);
}); done();
});
})
}); });
it('support http basic authentication with javascriptKey', done => { it('support http basic authentication with javascriptKey', done => {
request.get({ reconfigureServer({ appId: 'test' }).then(() => {
url: 'http://localhost:8378/1/classes/TestObject', request.get({
headers: { url: 'http://localhost:8378/1/classes/TestObject',
'Authorization': 'Basic ' + new Buffer('test:javascript-key=' + 'test').toString('base64') headers: {
} 'Authorization': 'Basic ' + new Buffer('test:javascript-key=' + 'test').toString('base64')
}, (error, response, body) => { }
expect(response.statusCode).toEqual(200); }, (error, response, body) => {
done(); expect(response.statusCode).toEqual(200);
}); done();
});
})
}); });
it('fails if database is unreachable', done => { it('fails if database is unreachable', done => {
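Review bot: Both updated tests cover only the accepting path, with Basic credentials whose user name is the configured appId `'test'`; nothing here pins the behaviour this commit introduces, namely that credentials naming an unknown appId are not adopted. A negative test next to these two would keep the check from being removed unnoticed. The expected status in the sketch below is an assumption, since the code that rejects a request without a usable appId is not visible in this change; tighten it to the exact code once confirmed. Separately, the new `reconfigureServer(...).then(...)` calls have no rejection handler, so a failed reconfigure would surface as a timeout rather than an error.

```javascript
it('ignores http basic authentication with an unknown appId', done => {
  reconfigureServer({ appId: 'test' }).then(() => {
    request.get({
      url: 'http://localhost:8378/1/classes/TestObject',
      headers: {
        // 'not-a-registered-app' is a constructed sample value
        'Authorization': 'Basic ' + new Buffer('not-a-registered-app:' + 'test').toString('base64')
      }
    }, (error, response, body) => {
      // assumed: the request is refused once the Basic appId is dropped
      expect(response.statusCode).not.toEqual(200);
      done();
    });
  }, done.fail);
});
```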


@@ -31,9 +31,12 @@ export function handleParseHeaders(req, res, next) {
var basicAuth = httpAuth(req); var basicAuth = httpAuth(req);
if (basicAuth) { if (basicAuth) {
info.appId = basicAuth.appId var basicAuthAppId = basicAuth.appId;
info.masterKey = basicAuth.masterKey || info.masterKey; if (AppCache.get(basicAuthAppId)) {
info.javascriptKey = basicAuth.javascriptKey || info.javascriptKey; info.appId = basicAuthAppId;
info.masterKey = basicAuth.masterKey || info.masterKey;
info.javascriptKey = basicAuth.javascriptKey || info.javascriptKey;
}
} }
if (req.body) { if (req.body) {
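Review bot: When `AppCache.get(basicAuthAppId)` is falsy, the Basic credentials are dropped silently and the request continues with whatever `info` already held from the other headers, yet nothing in the new block says this is deliberate. A comment above the check would record the intent, for example `// Ignore Basic credentials whose user name is not a registered appId; keep any header-derived values`. Note also that the guard only establishes that the appId exists: `basicAuth.masterKey` and `basicAuth.javascriptKey` are still copied into `info` unverified, so the actual key comparison presumably happens later in `handleParseHeaders`. That function starts before and continues past this hunk, so this should be confirmed against the full function.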