Merge pull request #88 from 5apps/bugfix/87-empty_bearer_token

Return 401 when getting an empty bearer token
Basti 2016-07-20 18:05:16 +02:00 committed by GitHub
commit 4cd32b2e1b
2 changed files with 11 additions and 2 deletions


@ -24,7 +24,7 @@ module RemoteStorage
return true if ["GET", "HEAD"].include?(request_method) && !listing return true if ["GET", "HEAD"].include?(request_method) && !listing
end end
server.halt 401, "Unauthorized" if token.empty? server.halt 401, "Unauthorized" if token.nil? || token.empty?
authorizations = redis.smembers("authorizations:#{user}:#{token}") authorizations = redis.smembers("authorizations:#{user}:#{token}")
permission = directory_permission(authorizations, directory) permission = directory_permission(authorizations, directory)
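Review bot: The new guard on the `server.halt 401` line rejects only a nil or zero-length token, so a value made of whitespace alone would still be interpolated into the Redis key on the following `redis.smembers` line. Whether such a value can reach this method depends on how the Authorization header is parsed, which is outside the hunk. If it can, normalising before the check, `server.halt 401, "Unauthorized" if token.to_s.strip.empty?`, would stop the lookup from running with a blank key segment. The enclosing method starts and ends outside the hunk.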


@ -280,7 +280,6 @@ describe "App" do
end end
context "not authorized" do context "not authorized" do
describe "with no token" do describe "with no token" do
it "says it's not authorized" do it "says it's not authorized" do
delete "/phil/food/aguacate" delete "/phil/food/aguacate"
@ -290,6 +289,16 @@ describe "App" do
end end
end end
describe "with empty token" do
it "says it's not authorized" do
header "Authorization", "Bearer "
delete "/phil/food/aguacate"
last_response.status.must_equal 401
last_response.body.must_equal "Unauthorized"
end
end
describe "with wrong token" do describe "with wrong token" do
it "says it's not authorized" do it "says it's not authorized" do
header "Authorization", "Bearer wrongtoken" header "Authorization", "Bearer wrongtoken"