Fix user-literal rewrite for anonymous requests [2.x] #3330

Merged
merged 1 commit into from
Apr 4, 2017

@bajtos (Member) commented Apr 4, 2017

Description

Currently any currentUserLiteral routes when accessed with a bad
token throw a 500 due to a SQL error that is raised because
Model.findById is invoked with id={currentUserLiteral}
(id=me in our case) when the url rewrite fails.

This commit changes the token middleware to return 401 Not Authorized
when the client is requesting a currentUserLiteral route without
a valid access token.

Related issues

cc @aaronbuchanan

Checklist

  • New tests added or existing tests modified to cover all changes
  • Code conforms with the style guide

Currently any `currentUserLiteral` routes when accessed with a bad
token throw a 500 due to a SQL error that is raised because
`Model.findById` is invoked with `id={currentUserLiteral}`
(`id=me` in our case) when the url rewrite fails.

This commit changes the token middleware to return 401 Not Authorized
when the client is requesting a currentUserLiteral route without
a valid access token.
@bajtos bajtos self-assigned this Apr 4, 2017
@bajtos bajtos merged commit cf38c62 into 2.x Apr 4, 2017
@bajtos bajtos removed the review label Apr 4, 2017
@bajtos bajtos changed the title Fix user-literal rewrite for anonymous requests Fix user-literal rewrite for anonymous requests [2.x] Apr 4, 2017
@bajtos bajtos deleted the fix/unauthorized-current-user-literal-2x branch April 4, 2017 17:26
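
The failure mode and the fix described in this pull request, as an added sketch that is not LoopBack's code. The token store, the use of the raw `authorization` header as the token id, the `findById` stand-in and all function names are assumptions made for illustration; `rejectAnonymous=false` models the behaviour before the change.

```javascript
// Added illustration, not LoopBack's code. All names and data are constructed.
const CURRENT_USER_LITERAL = 'me';
const TOKENS = new Map([['valid-token', 42]]); // token id -> user id

// Match the literal only as a whole path segment (/users/me, /users/me/orders).
const LITERAL_SEGMENT = new RegExp('/' + CURRENT_USER_LITERAL + '(?=/|\\?|$)');

// rejectAnonymous=false models the behaviour before the fix: the rewrite is
// skipped silently and the literal reaches the data layer as an id.
function tokenMiddleware(rejectAnonymous) {
  return function (req, res, next) {
    if (!LITERAL_SEGMENT.test(req.url)) return next(); // nothing to rewrite
    const userId = TOKENS.get(req.headers.authorization);
    if (userId !== undefined) {
      req.url = req.url.replace(LITERAL_SEGMENT, '/' + userId);
      return next();
    }
    if (!rejectAnonymous) return next(); // URL still contains "/me"
    const err = new Error('Authorization Required');
    err.statusCode = 401;
    next(err);
  };
}

// Stand-in for a SQL-backed findById whose id column is an integer.
function findById(id) {
  if (!/^\d+$/.test(id)) throw new Error('SQL error: invalid integer "' + id + '"');
  return { id: Number(id) };
}

// Runs one request through the middleware and a /users/:id handler and
// returns the HTTP status a client would see.
function handle(url, token, rejectAnonymous) {
  const req = { url, headers: { authorization: token } };
  let status;
  tokenMiddleware(rejectAnonymous)(req, {}, function (err) {
    if (err) { status = err.statusCode || 500; return; }
    try {
      findById(req.url.split('?')[0].split('/')[2]);
      status = 200;
    } catch (e) {
      status = 500; // unhandled data-layer error surfaces as a server error
    }
  });
  return status;
}

console.log(handle('/users/me', 'bad-token', false)); // before the fix
console.log(handle('/users/me', 'bad-token', true));  // after the fix
```

Rejecting the request in the middleware keeps an unauthenticated client from driving untranslated input into the data layer and turns an opaque server error into an accurate authentication failure.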