From 806800c6fb6acc051a9ed261c98c5cf17e488f72 Mon Sep 17 00:00:00 2001
From: Nikita Lutsenko
Date: Tue, 1 Mar 2016 20:30:29 -0800
Subject: [PATCH] Use shared middleware to enforce master key on global config update API.
---
 spec/ParseGlobalConfig.spec.js | 4 ++--
 src/Routers/GlobalConfigRouter.js | 10 ++--------
 2 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/spec/ParseGlobalConfig.spec.js b/spec/ParseGlobalConfig.spec.js
index 8b739a78..399c9ee6 100644
--- a/spec/ParseGlobalConfig.spec.js
+++ b/spec/ParseGlobalConfig.spec.js
@@ -53,8 +53,8 @@ describe('a GlobalConfig', () => {
 'X-Parse-REST-API-Key': 'rest'
 },
 }, (error, response, body) => {
- expect(response.statusCode).toEqual(401);
- expect(body.error).toEqual('unauthorized');
+ expect(response.statusCode).toEqual(403);
+ expect(body.error).toEqual('unauthorized: master key is required');
 done();
 });
 });
diff --git a/src/Routers/GlobalConfigRouter.js b/src/Routers/GlobalConfigRouter.js
index 1fbde2d5..53abdac5 100644
--- a/src/Routers/GlobalConfigRouter.js
+++ b/src/Routers/GlobalConfigRouter.js
@@ -3,6 +3,7 @@
 var Parse = require('parse/node').Parse;
 import PromiseRouter from '../PromiseRouter';
+import * as middleware from "../middlewares";
 export class GlobalConfigRouter extends PromiseRouter {
 getGlobalConfig(req) {
@@ -18,13 +19,6 @@ export class GlobalConfigRouter extends PromiseRouter {
 }));
 }
 updateGlobalConfig(req) {
- if (!req.auth.isMaster) {
- return Promise.resolve({
- status: 401,
- response: {error: 'unauthorized'},
- });
- }
-
 return req.config.database.rawCollection('_GlobalConfig')
 .then(coll => coll.findOneAndUpdate({ _id: 1 }, { $set: req.body }))
 .then(response => {
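Review bot: With the `req.auth.isMaster` guard removed, `updateGlobalConfig` performs the `$set: req.body` write to `_GlobalConfig` with no authorization of its own; the only remaining check is the middleware attached in `mountRoutes`. The method is a public member of an exported class, so any other caller, or a later route that reuses it without the middleware, would update the global config without a master key. I would state the precondition on the method, e.g. `// Requires master key: the route must run middleware.promiseEnforceMasterKeyAccess first; no auth check happens here.`, or keep a cheap `req.auth.isMaster` check as defence in depth. The method body continues past the end of this hunk.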
@@ -41,7 +35,7 @@ export class GlobalConfigRouter extends PromiseRouter {
 mountRoutes() {
 this.route('GET', '/config', req => { return this.getGlobalConfig(req) });
- this.route('PUT', '/config', req => { return this.updateGlobalConfig(req) });
+ this.route('PUT', '/config', middleware.promiseEnforceMasterKeyAccess, req => { return this.updateGlobalConfig(req) });
 }
 }
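Review bot: Access control on the PUT route now depends on two things this diff does not show: that `promiseEnforceMasterKeyAccess` rejects (rather than resolves) for non-master requests, and that `PromiseRouter.route` runs its handlers in order and skips `updateGlobalConfig` after a rejection. The updated spec covers the rejected response (403, 'unauthorized: master key is required'); an additional assertion that the stored config is unchanged after that 403 would pin the short-circuit as well. The switch from 401/`unauthorized` to 403 is visible to existing clients and deserves a changelog line. A short comment above the route, `// PUT is master-key only: promiseEnforceMasterKeyAccess must stay ahead of the handler`, would make the ordering requirement explicit.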