gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-03-01 14:22:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

basic auth etapi should require "etapi" username

Browse Source
This commit is contained in:
zadam 2022-10-09 21:33:32 +02:00
parent 5a3c50d9fb
commit 3e07c08043
2 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/services/etapi_tokens.js
View File

@ -37,11 +37,15 @@ function parseAuthToken(auth) {
const basicAuthStr = utils.fromBase64(auth.substring(6)).toString("UTF-8");
const basicAuthChunks = basicAuthStr.split(":");
if (basicAuthChunks.length === 2) {
auth = basicAuthChunks[1];
} else {
if (basicAuthChunks.length !== 2) {
return null;
}
if (basicAuthChunks[0] !== "etapi") {
return null;
}
auth = basicAuthChunks[1];
}
const chunks = auth.split("_");

11
test-etapi/basic-auth.http
View File

@ -1,5 +1,5 @@
GET {{triliumHost}}/etapi/app-info
Authorization: Basic whatever {{authToken}}
Authorization: Basic etapi {{authToken}}
> {%
client.assert(response.status === 200);
@ -9,6 +9,13 @@ Authorization: Basic whatever {{authToken}}
###
GET {{triliumHost}}/etapi/app-info
Authorization: Basic whatever wrong pass
Authorization: Basic etapi wrong
> {% client.assert(response.status === 401); %}
###
GET {{triliumHost}}/etapi/app-info
Authorization: Basic wrong {{authToken}}
> {% client.assert(response.status === 401); %}