basic auth etapi should require "etapi" username

zadam 2022-10-09 21:33:32 +02:00
parent 5a3c50d9fb
commit 3e07c08043
2 changed files with 16 additions and 5 deletions


@ -37,11 +37,15 @@ function parseAuthToken(auth) {
const basicAuthStr = utils.fromBase64(auth.substring(6)).toString("UTF-8"); const basicAuthStr = utils.fromBase64(auth.substring(6)).toString("UTF-8");
const basicAuthChunks = basicAuthStr.split(":"); const basicAuthChunks = basicAuthStr.split(":");
if (basicAuthChunks.length === 2) { if (basicAuthChunks.length !== 2) {
auth = basicAuthChunks[1];
} else {
return null; return null;
} }
if (basicAuthChunks[0] !== "etapi") {
return null;
}
auth = basicAuthChunks[1];
} }
const chunks = auth.split("_"); const chunks = auth.split("_");
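Review bot: The `split(":")` plus `basicAuthChunks.length !== 2` check rejects any Basic credential whose password part contains a colon, whereas Basic auth (RFC 7617) separates user-id and password at the first colon only. If ETAPI tokens can never contain `:` this is harmless, but that assumption is not visible in the hunk and deserves a comment such as `// ETAPI tokens never contain ':', so exactly two chunks are expected`. Otherwise, split at the first colon with `const sep = basicAuthStr.indexOf(":");` and take `basicAuthStr.substring(sep + 1)` as the token. parseAuthToken starts before and continues after this hunk, so the later handling of `chunks` is not reviewed here.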


@ -1,5 +1,5 @@
GET {{triliumHost}}/etapi/app-info GET {{triliumHost}}/etapi/app-info
Authorization: Basic whatever {{authToken}} Authorization: Basic etapi {{authToken}}
> {% > {%
client.assert(response.status === 200); client.assert(response.status === 200);
@ -9,6 +9,13 @@ Authorization: Basic whatever {{authToken}}
### ###
GET {{triliumHost}}/etapi/app-info GET {{triliumHost}}/etapi/app-info
Authorization: Basic whatever wrong pass Authorization: Basic etapi wrong
> {% client.assert(response.status === 401); %}
###
GET {{triliumHost}}/etapi/app-info
Authorization: Basic wrong {{authToken}}
> {% client.assert(response.status === 401); %} > {% client.assert(response.status === 401); %}
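Review bot: The malformed-credential branch (`basicAuthChunks.length !== 2`) has no request covering it; the three cases here exercise only the right or wrong username and the right or wrong token. A fourth case whose decoded credential contains no colon, expected to return 401, would pin that path, for example under a heading like `### basic auth without a password part` with the same `> {% client.assert(response.status === 401); %}` check. How the HTTP client encodes a single-word Basic value is not visible on this page, so that request may need a pre-encoded header value.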