mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-12-02 16:01:00 +01:00
Code Issues Projects Releases Wiki Activity
etherpad-lite/tests/backend/specs
History
Richard Hansen 6408d2313c webaccess: Be extra paranoid about nullish password 
If `settings.json` contains a user without a `password` property then
nobody should be able to log in as that user using the built-in HTTP
basic authentication. This is true both with and without this change,
but before this change it wasn't immediately obvious that a malicious
user couldn't use an empty or null password to log in as such a user.
This commit adds an explicit nullish check and some unit tests to
ensure that an empty or null password will not work if the `password`
property is null or undefined.
2020-11-04 18:06:08 +00:00
..
api
tests: Clear auth hooks before running import/export unit tests
2020-10-29 19:06:24 -04:00
contentcollector.js
tests: Include the filename in the test output
2020-10-14 11:16:39 +01:00
hooks.js
hooks: Rewrite callAll and aCallAll for consistency
2020-10-24 16:08:50 +01:00
promises.js
tests: Include the filename in the test output
2020-10-14 11:16:39 +01:00
socketio.js
tests: Clear auth hooks before running socket.io unit tests
2020-10-29 18:53:10 -04:00
webaccess.js
webaccess: Be extra paranoid about nullish password
2020-11-04 18:06:08 +00:00