gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix(api): add /auth paths to whitelist (#38383)

Browse Source
This commit is contained in:
mrugesh
2020-03-18 17:49:42 +05:30
committed by GitHub
parent 7613df56e1
commit 933e289617
2 changed files with 40 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
api-server/server/middlewares/request-authorization.js
View File

@ -11,23 +11,25 @@ import { jwtSecret as _jwtSecret } from '../../../config/secrets';
import { wrapHandledError } from '../utils/create-handled-error'; import { wrapHandledError } from '../utils/create-handled-error';
const authRE = /^\/auth\//;
const newsShortLinksRE = /^\/n\/|^\/p\//; const newsShortLinksRE = /^\/n\/|^\/p\//;
const showCertRE = /^\/certificate\/showCert\//;
const updatePaypalRE = /^\/donate\/update-paypal/;
// signin may not have a trailing slash
const signinRE = /^\/signin/;
const unsubscribeRE = /^\/u\/|^\/unsubscribe\/|^\/ue\//;
const unsubscribedRE = /^\/unsubscribed\//;
const resubscribeRE = /^\/resubscribe\//; const resubscribeRE = /^\/resubscribe\//;
const showCertRE = /^\/certificate\/showCert\//;
// note: signin may not have a trailing slash
const signinRE = /^\/signin/;
const unsubscribedRE = /^\/unsubscribed\//;
const unsubscribeRE = /^\/u\/|^\/unsubscribe\/|^\/ue\//;
const updatePaypalRE = /^\/donate\/update-paypal/;
const _whiteListREs = [ const _whiteListREs = [
authRE,
newsShortLinksRE, newsShortLinksRE,
resubscribeRE,
showCertRE, showCertRE,
updatePaypalRE,
signinRE, signinRE,
unsubscribeRE,
unsubscribedRE, unsubscribedRE,
resubscribeRE unsubscribeRE,
updatePaypalRE
]; ];
export function isWhiteListedPath(path, whiteListREs = _whiteListREs) { export function isWhiteListedPath(path, whiteListREs = _whiteListREs) {

34
api-server/server/middlewares/request-authorization.test.js
View File

@ -28,7 +28,26 @@ const mockGetUserById = id =>
describe('request-authorization', () => { describe('request-authorization', () => {
describe('isWhiteListedPath', () => { describe('isWhiteListedPath', () => {
const whiteList = [/^\/is-ok\//, /^\/this-is\/also\/ok\//]; const authRE = /^\/auth\//;
const newsShortLinksRE = /^\/n\/|^\/p\//;
const resubscribeRE = /^\/resubscribe\//;
const showCertRE = /^\/certificate\/showCert\//;
// note: signin may not have a trailing slash
const signinRE = /^\/signin/;
const unsubscribedRE = /^\/unsubscribed\//;
const unsubscribeRE = /^\/u\/|^\/unsubscribe\/|^\/ue\//;
const updatePaypalRE = /^\/donate\/update-paypal/;
const whiteList = [
authRE,
newsShortLinksRE,
resubscribeRE,
showCertRE,
signinRE,
unsubscribedRE,
unsubscribeRE,
updatePaypalRE
];
it('returns a boolean', () => { it('returns a boolean', () => {
const result = isWhiteListedPath(); const result = isWhiteListedPath();
@ -39,15 +58,20 @@ describe('request-authorization', () => {
it('returns true for a white listed path', () => { it('returns true for a white listed path', () => {
expect.assertions(2); expect.assertions(2);
const resultA = isWhiteListedPath('/is-ok/should-be/good', whiteList); const resultA = isWhiteListedPath(
const resultB = isWhiteListedPath('/this-is/also/ok/surely', whiteList); '/auth/auth0/callback?code=yF_mGjswLsef-_RLo',
whiteList
);
const resultB = isWhiteListedPath('/ue/WmjInLerysPrcon6fMb/', whiteList);
expect(resultA).toBe(true); expect(resultA).toBe(true);
expect(resultB).toBe(true); expect(resultB).toBe(true);
}); });
it('returns false for a non-white-listed path', () => { it('returns false for a non-white-listed path', () => {
const result = isWhiteListedPath('/hax0r-42/no-go', whiteList); const resultA = isWhiteListedPath('/hax0r-42/no-go', whiteList);
expect(result).toBe(false); const resultB = isWhiteListedPath('/update-current-challenge', whiteList);
expect(resultA).toBe(false);
expect(resultB).toBe(false);
}); });
}); });