etherpad-lite/tests/backend/specs
Richard Hansen 6408d2313c webaccess: Be extra paranoid about nullish password
If `settings.json` contains a user without a `password` property then
nobody should be able to log in as that user using the built-in HTTP
basic authentication. This is true both with and without this change,
but before this change it wasn't immediately obvious that a malicious
user couldn't use an empty or null password to log in as such a user.
This commit adds an explicit nullish check and some unit tests to
ensure that an empty or null password will not work if the `password`
property is null or undefined.
2020-11-04 18:06:08 +00:00
api                  tests: Clear auth hooks before running import/export unit tests  2020-10-29 19:06:24 -04:00
contentcollector.js  tests: Include the filename in the test output                   2020-10-14 11:16:39 +01:00
hooks.js             hooks: Rewrite callAll and aCallAll for consistency              2020-10-24 16:08:50 +01:00
promises.js          tests: Include the filename in the test output                   2020-10-14 11:16:39 +01:00
socketio.js          tests: Clear auth hooks before running socket.io unit tests      2020-10-29 18:53:10 -04:00
webaccess.js         webaccess: Be extra paranoid about nullish password              2020-11-04 18:06:08 +00:00