1
0
mirror of https://github.com/laurent22/joplin.git synced 2025-01-11 18:24:43 +02:00

Server: Fixed error handling when no session is provided

This commit is contained in:
Laurent Cozic 2021-01-25 12:13:02 +00:00
parent e828c8e6eb
commit 63a5bfa756
3 changed files with 11 additions and 2 deletions

View File

@ -16,10 +16,14 @@ export default async function(ctx: AppContext) {
let responseObject = null;
const routeHandler = match.route.findEndPoint(ctx.request.method as HttpMethod, match.subPath.schema);
responseObject = await routeHandler(match.subPath, ctx);
// This is a generic catch-all for all private end points - if we
// couldn't get a valid session, we exit now. Individual end points
// might have additional permission checks depending on the action.
if (!match.route.public && !ctx.owner) throw new ErrorForbidden();
responseObject = await routeHandler(match.subPath, ctx);
if (responseObject instanceof Response) {
ctx.response = responseObject.response;
} else if (isView(responseObject)) {

View File

@ -416,4 +416,9 @@ describe('api_files', function() {
expect(page3.items.length).toBe(0);
});
test('should not allow creating file without auth', async function() {
const context = await putFileContentContext('', 'root:/photo.jpg:', testFilePath());
expect(context.response.status).toBe(ErrorForbidden.httpCode);
});
});

View File

@ -15,7 +15,7 @@ import { AppContext } from '../types';
import { koaAppContext } from './testUtils';
export function checkContextError(context: AppContext) {
if (context.response.status >= 400) throw new Error(`Cannot create directory: ${JSON.stringify(context.response)}`);
if (context.response.status >= 400) throw new Error(JSON.stringify(context.response));
}
export async function getFileMetadataContext(sessionId: string, path: string): Promise<AppContext> {