changed authentication controller to use req.parsedUrl.pathname as query strings on req.url were breaking the whitelist
parent
635f79d2f6
commit
a7640b5bbd
3 changed files with 14 additions and 2 deletions
|
@ -90,7 +90,7 @@ module.exports = AuthenticationController =
|
|||
AuthenticationController._globalLoginWhitelist.push endpoint
|
||||
|
||||
requireGlobalLogin: (req, res, next) ->
|
||||
if req.url in AuthenticationController._globalLoginWhitelist
|
||||
if req._parsedUrl.pathname in AuthenticationController._globalLoginWhitelist
|
||||
return next()
|
||||
|
||||
if req.headers['authorization']?
|
||||
|
@ -98,6 +98,7 @@ module.exports = AuthenticationController =
|
|||
else if req.session.user?
|
||||
return next()
|
||||
else
|
||||
logger.log url:req.url, "user trying to access endpoint not in global whitelist"
|
||||
return res.redirect "/login"
|
||||
|
||||
httpAuth: require('express').basicAuth (user, pass)->
|
||||
|
|
|
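Review bot: The whitelist check in `requireGlobalLogin` now depends on `req._parsedUrl.pathname`, an underscore-prefixed field that nothing in the visible code sets; it appears to be a cache filled in by the framework's URL parsing, and if it is ever absent the middleware throws instead of making a decision. Since this check is what lets unauthenticated requests through, I would derive the path explicitly, e.g. `pathname = require('url').parse(req.url).pathname`, or use `req.path` if the Express version in use provides it. The exact-match comparison fails closed for variants such as a trailing slash, which is the safe direction and worth a one-line comment. Separately, the `logger.log url:req.url, ...` line in the second hunk (apparently the added line) records the full query string of unauthenticated requests; if any endpoint carries tokens in the query, logging only the pathname would keep them out of the logs. Both the function and the surrounding object continue outside the hunks shown.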
@ -284,12 +284,22 @@ describe "AuthenticationController", ->
|
|||
describe "with white listed url", ->
|
||||
beforeEach ->
|
||||
@AuthenticationController.addEndpointToLoginWhitelist "/login"
|
||||
@req.url = "/login"
|
||||
@req._parsedUrl.pathname = "/login"
|
||||
@AuthenticationController.requireGlobalLogin @req, @res, @next
|
||||
|
||||
it "should call next() directly", ->
|
||||
@next.called.should.equal true
|
||||
|
||||
describe "with white listed url and a query string", ->
|
||||
beforeEach ->
|
||||
@AuthenticationController.addEndpointToLoginWhitelist "/login"
|
||||
@req._parsedUrl.pathname = "/login"
|
||||
@req.url = "/login?query=something"
|
||||
@AuthenticationController.requireGlobalLogin @req, @res, @next
|
||||
|
||||
it "should call next() directly", ->
|
||||
@next.called.should.equal true
|
||||
|
||||
describe "with http auth", ->
|
||||
beforeEach ->
|
||||
@req.headers["authorization"] = "Mock Basic Auth"
|
||||
|
|
|
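Review bot: Both new cases only assert that a whitelisted pathname passes; nothing asserts that a non-whitelisted pathname is still redirected when a whitelisted path appears only in the query string. A case such as `@req._parsedUrl.pathname = "/project"` with `@req.url = "/project?next=/login"` (values constructed for illustration) and an expectation that `@next` is not called would pin the behaviour this fix is meant to preserve. Because the specs assign `_parsedUrl.pathname` and `url` independently, they also do not show that the two agree on a real request, so one test that goes through the actual URL parsing would be useful. The enclosing `describe` blocks start and end outside the hunk.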
@ -5,6 +5,7 @@ class MockRequest
|
|||
|
||||
params: {}
|
||||
query: {}
|
||||
_parsedUrl:{}
|
||||
i18n:
|
||||
translate:->
|
||||
|
||||
|
|
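Review bot: `_parsedUrl:{}` is declared in the class body, so in CoffeeScript it lives on `MockRequest.prototype` and is shared by every instance unless a constructor outside this hunk reassigns it. The new specs mutate it (`@req._parsedUrl.pathname = "/login"`), so a pathname set in one test can carry over into later ones and make an authentication test pass or fail for the wrong reason. Initialise it per instance in the constructor, e.g. `@_parsedUrl = {}`, or reset it in the spec's `beforeEach`. The neighbouring `params: {}` and `query: {}` follow the same pattern and would benefit from the same treatment.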