From ca70ad014116f5fa2892dfb5ef17c4294ddf73a1 Mon Sep 17 00:00:00 2001
From: Arthur Cinader
Date: Thu, 9 Feb 2017 14:50:28 -0800
Subject: [PATCH 1/2] Add a unit test to fail when clientKey=''

---
 spec/Middlewares.spec.js | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/spec/Middlewares.spec.js b/spec/Middlewares.spec.js
index 00dc63c59c..69f3384a63 100644
--- a/spec/Middlewares.spec.js
+++ b/spec/Middlewares.spec.js
@@ -79,6 +79,19 @@ describe('middlewares', () => {
 });
 });

+ it('should succeed when client key supplied but empty', (done) => {
+ AppCache.put(fakeReq.body._ApplicationId, {
+ clientKey: '',
+ masterKey: 'masterKey',
+ restAPIKey: 'restAPIKey'
+ });
+ fakeReq.headers['x-parse-client-key'] = '';
+ middlewares.handleParseHeaders(fakeReq, fakeRes, () => {
+ expect(fakeRes.status).not.toHaveBeenCalled();
+ done();
+ });
+ });
+
 it('should succeed when no keys are configured and none supplied', (done) => {
 AppCache.put(fakeReq.body._ApplicationId, {
 masterKey: 'masterKey'

From 5861996cb0091cc07076a20235b2d2f1f0e34bea Mon Sep 17 00:00:00 2001
From: Arthur Cinader
Date: Thu, 9 Feb 2017 15:20:10 -0800
Subject: [PATCH 2/2] explicitly check if auth keys are undefined

Simply checking if they are truthy causes a false negative if the value is ''.
---
 src/middlewares.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/middlewares.js b/src/middlewares.js
index 2edbb3b1c2..209f3d3f99 100644
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -122,10 +122,10 @@ export function handleParseHeaders(req, res, next) {
 // to preserve original behavior.
 const keys = ["clientKey", "javascriptKey", "dotNetKey", "restAPIKey"];
 const oneKeyConfigured = keys.some(function(key) {
- return req.config[key];
+ return req.config[key] !== undefined;
 });
 const oneKeyMatches = keys.some(function(key){
- return req.config[key] && info[key] == req.config[key];
+ return req.config[key] !== undefined && info[key] === req.config[key];
 });

 if (oneKeyConfigured && !oneKeyMatches) {
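Review bot: With `req.config[key] !== undefined` in both `keys.some` callbacks, a key configured as `''` now counts as configured and is satisfied by an empty supplied key, so in a config that mixes one real key with an empty one (for example a setting that defaulted to `''`) the empty value becomes an accepted credential for this gate. How `info[key]` is populated is outside the hunk, so that an empty `x-parse-client-key` header arrives as `''` is inferred from the spec added in patch 1/2. If empty keys are meant to be valid, state it above `keys`, e.g. `// An empty-string key is a configured key: only a request supplying '' for it matches.`; otherwise reject empty or `null` key values where the app config is loaded, since `null` also passes the `!== undefined` test. The spec in patch 1/2 pins only the accepting path; a companion case with `clientKey: ''` and a non-empty or absent client key header, expecting the request to be rejected, would pin the other side. The body of handleParseHeaders starts and ends outside the hunk.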