libretic/etherpad-lite
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
etherpad-lite/tests/backend
History
Richard Hansen 6408d2313c webaccess: Be extra paranoid about nullish password 
If `settings.json` contains a user without a `password` property then
nobody should be able to log in as that user using the built-in HTTP
basic authentication. This is true both with and without this change,
but before this change it wasn't immediately obvious that a malicious
user couldn't use an empty or null password to log in as such a user.
This commit adds an explicit nullish check and some unit tests to
ensure that an empty or null password will not work if the `password`
property is null or undefined.
2020-11-04 18:06:08 +00:00
..
specs webaccess: Be extra paranoid about nullish password 2020-11-04 18:06:08 +00:00
common.js hooks: Rewrite callAll and aCallAll for consistency 2020-10-24 16:08:50 +01:00
fuzzImportTest.js tests: Simplify API key reading 2020-10-08 22:50:18 +01:00