From 6f90efb20c73794b2ed05aa7b84c01389befdad5 Mon Sep 17 00:00:00 2001
From: mrugesh <1884376+raisedadead@users.noreply.github.com>
Date: Wed, 18 Mar 2020 22:35:42 +0530
Subject: [PATCH] fix(api): update routes for authorization bypass (#38387)

---
 .../server/middlewares/request-authorization.js | 8 ++++++++
 .../server/middlewares/request-authorization.test.js | 11 ++++++++---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/api-server/server/middlewares/request-authorization.js b/api-server/server/middlewares/request-authorization.js
index 78aee7fd1a..ec7bee9b23 100644
--- a/api-server/server/middlewares/request-authorization.js
+++ b/api-server/server/middlewares/request-authorization.js
@@ -12,21 +12,29 @@ import { jwtSecret as _jwtSecret } from '../../../config/secrets';
 import { wrapHandledError } from '../utils/create-handled-error';
 const authRE = /^\/auth\//;
+const confirmEmailRE = /^\/confirm-email$/;
 const newsShortLinksRE = /^\/n\/|^\/p\//;
+const publicUserRE = /^\/api\/users\/get-public-profile$/;
+const publicUsernameRE = /^\/api\/users\/exists$/;
 const resubscribeRE = /^\/resubscribe\//;
 const showCertRE = /^\/certificate\/showCert\//;
 // note: signin may not have a trailing slash
 const signinRE = /^\/signin/;
+const statusRE = /^\/status\/ping$/;
 const unsubscribedRE = /^\/unsubscribed\//;
 const unsubscribeRE = /^\/u\/|^\/unsubscribe\/|^\/ue\//;
 const updatePaypalRE = /^\/donate\/update-paypal/;
 const _whiteListREs = [
   authRE,
+  confirmEmailRE,
   newsShortLinksRE,
+  publicUserRE,
+  publicUsernameRE,
   resubscribeRE,
   showCertRE,
   signinRE,
+  statusRE,
   unsubscribedRE,
   unsubscribeRE,
   updatePaypalRE
diff --git a/api-server/server/middlewares/request-authorization.test.js b/api-server/server/middlewares/request-authorization.test.js
index fdc41a1935..e48fa98c66 100644
--- a/api-server/server/middlewares/request-authorization.test.js
+++ b/api-server/server/middlewares/request-authorization.test.js
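Review bot: The four new patterns on the `+` lines (`confirmEmailRE`, `publicUserRE`, `publicUsernameRE`, `statusRE`) are anchored with `$`, unlike every existing entry, so they match only the bare path; if the string this list is tested against ever carries a query string — which the test fixture `/auth/auth0/callback?code=…` in the same commit suggests can happen — a request such as `/api/users/exists?username=x` would not be recognised as public and would fall through to the authenticated branch. Confirm whether the caller passes `req.path` (query stripped) or the original URL before relying on exact-match anchors; if it is the latter, the anchors should allow an optional `?` suffix, e.g. `/^\/api\/users\/exists(\?|$)/`. Since every entry in `_whiteListREs` exempts a route from authorization, a one-line comment per new entry stating why that endpoint is safe to serve unauthenticated (e.g. `// public profile view only; the handler must not return email or auth fields`) would make future additions to this bypass list easier to review. The code that consumes `_whiteListREs` is outside this hunk.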
@@ -29,21 +29,29 @@ const mockGetUserById = id =>
 describe('request-authorization', () => {
   describe('isWhiteListedPath', () => {
     const authRE = /^\/auth\//;
+    const confirmEmailRE = /^\/confirm-email$/;
     const newsShortLinksRE = /^\/n\/|^\/p\//;
+    const publicUserRE = /^\/api\/users\/get-public-profile$/;
+    const publicUsernameRE = /^\/api\/users\/exists$/;
     const resubscribeRE = /^\/resubscribe\//;
     const showCertRE = /^\/certificate\/showCert\//;
     // note: signin may not have a trailing slash
     const signinRE = /^\/signin/;
+    const statusRE = /^\/status\/ping$/;
     const unsubscribedRE = /^\/unsubscribed\//;
     const unsubscribeRE = /^\/u\/|^\/unsubscribe\/|^\/ue\//;
     const updatePaypalRE = /^\/donate\/update-paypal/;
     const whiteList = [
       authRE,
+      confirmEmailRE,
       newsShortLinksRE,
+      publicUserRE,
+      publicUsernameRE,
       resubscribeRE,
       showCertRE,
       signinRE,
+      statusRE,
       unsubscribedRE,
       unsubscribeRE,
       updatePaypalRE
@@ -51,13 +59,10 @@ describe('request-authorization', () => {
     it('returns a boolean', () => {
       const result = isWhiteListedPath();
-      expect(typeof result).toBe('boolean');
     });
     it('returns true for a white listed path', () => {
-      expect.assertions(2);
-
       const resultA = isWhiteListedPath(
         '/auth/auth0/callback?code=yF_mGjswLsef-_RLo',
         whiteList
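Review bot: The `whiteList` array rebuilt in this hunk is a verbatim copy of `_whiteListREs` from request-authorization.js, so the test only shows that `isWhiteListedPath` works against a list the test itself supplies and cannot detect the production bypass list drifting from it (a route added in one file but not the other would still pass). If the module exports its list, importing it here — or at minimum asserting `expect(whiteList).toEqual(_whiteListREs)` once — would tie these assertions to the real set of unauthenticated routes. The new `$`-anchored entries are also never exercised with a query string in the visible cases, which is the one input shape that distinguishes them from the older unanchored patterns. The enclosing `describe` block continues past the end of the hunk.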