
#1206 fixed issue where unauthorized access of a route that did not h…

…ave a default "render" handler caused a failure after login
brianhyder committed Jan 22, 2017
1 parent 8a2eca3 commit 4063666a992bbc3a3c7c0f7e20bb91b7d3d9ddeb
@@ -17,6 +17,7 @@
'use strict';
//dependencies
var _ = require('lodash');
var path = require('path');
var HttpStatusCodes = require('http-status-codes');
var XmlErrorFormatter = require('./xml_error_formatter');
@@ -145,9 +146,10 @@ module.exports = function(pb) {
failedControllerPaths[paths[i]] = true;
}
}
params.request.controllerInstance = new ErrorController();
params.request.controllerInstance.error = params.error;
params.request.themeRoute = params.request.themeRoute || {};
params.request.themeRoute = !!params.request.themeRoute ? _.clone(params.request.themeRoute) : {};
params.request.routeTheme = params.request.routeTheme || {};
params.request.siteObj = params.request.siteObj || pb.SiteService.getGlobalSiteContext();
params.request.themeRoute.handler = 'render';
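Review bot: The copy on the `themeRoute` line is only one level deep, and the `routeTheme` line below it still reuses whatever object the request carries. `_.clone` is shallow, which is enough for the `handler = 'render'` write at the end of the hunk, but any nested object on the route descriptor stays shared between this error path (reached, per the commit title, on unauthorized access) and later requests to the same route. I would add a comment above the clone such as `// shallow copy: the registered route descriptor is shared across requests, so never write to it directly`, and check whether `routeTheme` is written to further down, outside this hunk. The `!!` is redundant in a ternary condition: `params.request.themeRoute ? _.clone(params.request.themeRoute) : {}`. The enclosing function starts and ends outside the hunk.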
@@ -485,8 +485,12 @@ module.exports = function RequestHandlerModule(pb) {
routeDescriptor.themes[site][theme] = {};
routeDescriptor.themes[site].size++;
}
routeDescriptor.themes[site][theme][descriptor.method] = descriptor;
routeDescriptor.themes[site][theme][descriptor.method].controller = Controller;
//set the controller then lock it down to prevent tampering
descriptor.controller = Controller;
routeDescriptor.themes[site][theme][descriptor.method] = Object.freeze(descriptor);
//only add the descriptor it is new. We do it here because we need to
//know that the controller is good.
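Review bot: `Object.freeze(descriptor)` freezes the object the caller passed in, so the assignment `descriptor.controller = Controller` two lines earlier will fail if the same descriptor object is ever registered a second time, for example for another site or theme. It throws a TypeError if this module runs in strict mode and is silently ignored otherwise. Whether callers reuse descriptor objects is not visible here and should be confirmed; freezing a copy, e.g. `Object.freeze(Object.assign({}, descriptor, { controller: Controller }))`, would avoid the dependency, provided the code after this hunk does not rely on the stored object being the caller's own. The freeze is also shallow, so nested objects or arrays on the descriptor remain writable, and the comment would be more accurate as `//set the controller, then shallow-freeze the descriptor so request handling cannot rewrite its top-level fields`.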
@@ -78,19 +78,24 @@ describe('ErrorFormatters', function() {
var error = new Error('hello world');
error.code = 510;
var themeRoute = Object.freeze({
handler: 'testHandler'
});
var params = {
error: error,
activeTheme: 'pencilblue',
request: {
router: {
continueAfter: function() {}
}
},
themeRoute: themeRoute
}
};
sinon.spy(params.request.router, 'continueAfter');
ErrorFormatters.html(params, function(err, result){});
(typeof params.request.controllerInstance).should.eql('object');
params.request.router.continueAfter.calledOnce.should.eql(true);
params.request.themeRoute.should.not.eql(themeRoute);
});
});
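Review bot: The last assertion, `params.request.themeRoute.should.not.eql(themeRoute)`, is a deep-inequality check, so it passes for any object whose contents differ, including an empty replacement that dropped the route's other properties. It does not show that the formatter worked on a copy and left the registered descriptor untouched, which is the behaviour this commit relies on. I would pin all three facts: `params.request.themeRoute.should.not.equal(themeRoute);`, `params.request.themeRoute.handler.should.eql('render');` and `themeRoute.handler.should.eql('testHandler');`. The enclosing `it(...)` block starts outside the hunk.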
