
improve auth responses, use 401 instead of 403 for unauthenticated requests

tags/v0.10.5
Jonathan Cobb 4 年前
45591f4b69
共有 6 个文件被更改,包括 14 次插入10 次删除
  1. +9
    -5
      bubble-server/src/main/java/bubble/resources/account/AuthResource.java
  2. +1
    -1
      bubble-server/src/test/resources/models/tests/auth/account_registration.json
  3. +1
    -1
      bubble-server/src/test/resources/models/tests/auth/basic_auth.json
  4. +1
    -1
      bubble-server/src/test/resources/models/tests/auth/change_admin_password.json
  5. +1
    -1
      bubble-server/src/test/resources/models/tests/auth/change_password.json
  6. +1
    -1
      utils/cobbzilla-wizard

+ 9
- 5
bubble-server/src/main/java/bubble/resources/account/AuthResource.java

@@ -567,12 +567,16 @@ public class AuthResource {
@POST @Path(EP_LOGOUT+"/{id}")
public Response logoutUserEverywhere(@Context ContainerRequest ctx,
@PathParam("id") String id) {
final Account account = optionalUserPrincipal(ctx);
if (account == null) return invalid("err.logout.noSession");
if (!account.admin()) return forbidden();
final Account caller = optionalUserPrincipal(ctx);
if (caller == null) return invalid("err.logout.noSession");
final Account target = accountDAO.findById(id);
if (target == null) return notFound(id);
sessionDAO.invalidateAllSessions(id);
if (target == null) {
if (caller.admin()) return notFound(id);
return forbidden();
} else if (!target.getUuid().equals(caller.getUuid())) {
return forbidden();
}
sessionDAO.invalidateAllSessions(target.getUuid());
return ok_empty();
}
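Review bot: The rewritten guard `} else if (!target.getUuid().equals(caller.getUuid())) {` now returns forbidden to every caller whose uuid differs from the target's, admins included, so an admin can no longer log out another existing user — the removed lines allowed exactly that and the `{id}` path segment suggests it is the intended use. If that tightening is not intended, the condition should be `} else if (!caller.admin() && !target.getUuid().equals(caller.getUuid())) {`. The admin check now governs only the not-found branch, giving admins 404 and everyone else 403 for an unknown id; that anti-enumeration choice deserves a comment such as `// non-admins get 403 for unknown ids so the endpoint cannot be used to probe which account ids exist`. An unauthenticated caller still receives `invalid("err.logout.noSession")` rather than the 401 the commit title describes, so unless `invalid` maps to 401 this endpoint stays inconsistent with the fixtures changed in this commit. The enclosing class AuthResource starts outside the hunk.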



+ 1
- 1
bubble-server/src/test/resources/models/tests/auth/account_registration.json

@@ -126,7 +126,7 @@
"session": "user1session",
"uri": "me/networks/{{networks.[0].uuid}}/tags"
},
"response": { "status": 403 }
"response": { "status": 401 }
},

{


+ 1
- 1
bubble-server/src/test/resources/models/tests/auth/basic_auth.json

@@ -51,7 +51,7 @@
{
"comment": "verify cannot read self after logout",
"request": { "uri": "me" },
"response": { "status": 403 }
"response": { "status": 401 }
}

]

+ 1
- 1
bubble-server/src/test/resources/models/tests/auth/change_admin_password.json

@@ -104,7 +104,7 @@
"uri": "me",
"session": "rootSession"
},
"response": { "status": 403 }
"response": { "status": 401 }
},

{


+ 1
- 1
bubble-server/src/test/resources/models/tests/auth/change_password.json

@@ -189,7 +189,7 @@
"uri": "me"
},
"response": {
"status": 403
"status": 401
}
},



+ 1
- 1
utils/cobbzilla-wizard

@@ -1 +1 @@
Subproject commit 1b2c4adef489e38bb3e488bf995db79d50fea138
Subproject commit 0c698babbbffdbc4be53bc844ceec64fc6f2a981
