Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added warning for special URL sensitive characters for appId #6159

Merged
merged 2 commits into from
Oct 26, 2019

Conversation

ssafayet
Copy link
Contributor

If we use reserved and unwise character in context of a URI/URL inside an Application ID, it can create issues in many cases such as:

  1. The rendered URL for a password reset, email verification won't work as it fails to be rendered in the actual application id resulted in unauthorized.
  2. The file download will be an issue as parse uses application id in the URL too.

So I included a warning message for some reserved character in the context of URL which can cause problems where application id is included in a URL.

Copy link
Member

@dplewis dplewis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a comment from me. Can you add a test case as well?

src/ParseServer.js Outdated Show resolved Hide resolved
@codecov
Copy link

codecov bot commented Oct 26, 2019

Codecov Report

Merging #6159 into master will decrease coverage by <.01%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #6159      +/-   ##
==========================================
- Coverage   93.78%   93.77%   -0.01%     
==========================================
  Files         166      166              
  Lines       11271    11275       +4     
==========================================
+ Hits        10570    10573       +3     
- Misses        701      702       +1
Impacted Files Coverage Δ
src/ParseServer.js 97.59% <100%> (+0.05%) ⬆️
...dapters/Storage/Postgres/PostgresStorageAdapter.js 97.01% <0%> (-0.09%) ⬇️
src/RestWrite.js 93.72% <0%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f50f8be...0aabc4d. Read the comment docs.

Copy link
Member

@dplewis dplewis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! @saimoomsafayet Are there other characters you can think of?

@dplewis dplewis merged commit cf9245a into parse-community:master Oct 26, 2019
UnderratedDev pushed a commit to UnderratedDev/parse-server that referenced this pull request Mar 21, 2020
…ommunity#6159)

* Added warning for special url sensitive characters for appId

* refactored and added test case
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants