This repository has been archived by the owner on Apr 16, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 70
Bugfix/#1190 UnitController vulnerabilities #1191
Merged
kesselb
merged 25 commits into
develop
from
bugfix/#1190-UnitController-vulnerabilities
Mar 22, 2019
Merged
Bugfix/#1190 UnitController vulnerabilities #1191
kesselb
merged 25 commits into
develop
from
bugfix/#1190-UnitController-vulnerabilities
Mar 22, 2019
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
These will fail until the corresponding vulnerabilities are fixed.
torss
added
bug
This Issue describes a unwanted behavior
api
All Backend related Issues
refactoring
🔒 security
This directly pertains to geli's security!
labels
Mar 21, 2019
kesselb
reviewed
Mar 22, 2019
kesselb
reviewed
Mar 22, 2019
kesselb
reviewed
Mar 22, 2019
kesselb
approved these changes
Mar 22, 2019
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
api
All Backend related Issues
bug
This Issue describes a unwanted behavior
refactoring
🔒 security
This directly pertains to geli's security!
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
Closes #1190
Fixes
UnitController
vulnerabilities.Improvements:
course.checkPrivileges
.GET
&DELETE
route unit tests for status code200
.403
(not authorized to view / edit course) unit tests for all 4 routes.DELETE
route now returns a completely empty object (very minor change).async
/await
usage anderrorCodes
refactoring.Known Issues:
The
DELETE
route usesawait unit.remove()
, which gives aDeprecationWarning: collection.remove is deprecated. Use deleteOne, deleteMany, or bulkWrite instead.
, butdeleteOne
is still missing middleware support (whichUnit
makes use of): Automattic/mongoose#7195 & https://mongoosejs.com/docs/api.html#model_Model.deleteOneThis problem wasn't introduced by this PR, I just noticed it while running the unit tests, but left it be due to the middleware regression.