mirror of
https://github.com/laurent22/joplin.git
synced 2025-01-11 18:24:43 +02:00
Server: Fixed error handling when no session is provided
This commit is contained in:
parent
e828c8e6eb
commit
63a5bfa756
@ -16,10 +16,14 @@ export default async function(ctx: AppContext) {
|
||||
let responseObject = null;
|
||||
|
||||
const routeHandler = match.route.findEndPoint(ctx.request.method as HttpMethod, match.subPath.schema);
|
||||
responseObject = await routeHandler(match.subPath, ctx);
|
||||
|
||||
// This is a generic catch-all for all private end points - if we
|
||||
// couldn't get a valid session, we exit now. Individual end points
|
||||
// might have additional permission checks depending on the action.
|
||||
if (!match.route.public && !ctx.owner) throw new ErrorForbidden();
|
||||
|
||||
responseObject = await routeHandler(match.subPath, ctx);
|
||||
|
||||
if (responseObject instanceof Response) {
|
||||
ctx.response = responseObject.response;
|
||||
} else if (isView(responseObject)) {
|
||||
|
@ -416,4 +416,9 @@ describe('api_files', function() {
|
||||
expect(page3.items.length).toBe(0);
|
||||
});
|
||||
|
||||
test('should not allow creating file without auth', async function() {
|
||||
const context = await putFileContentContext('', 'root:/photo.jpg:', testFilePath());
|
||||
expect(context.response.status).toBe(ErrorForbidden.httpCode);
|
||||
});
|
||||
|
||||
});
|
||||
|
@ -15,7 +15,7 @@ import { AppContext } from '../types';
|
||||
import { koaAppContext } from './testUtils';
|
||||
|
||||
export function checkContextError(context: AppContext) {
|
||||
if (context.response.status >= 400) throw new Error(`Cannot create directory: ${JSON.stringify(context.response)}`);
|
||||
if (context.response.status >= 400) throw new Error(JSON.stringify(context.response));
|
||||
}
|
||||
|
||||
export async function getFileMetadataContext(sessionId: string, path: string): Promise<AppContext> {
|
||||
|
Loading…
Reference in New Issue
Block a user