Skip to content

Only allow basic auth credentials with a known appId #2574

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 25, 2016
Merged

Only allow basic auth credentials with a known appId #2574

merged 3 commits into from
Aug 25, 2016

Conversation

gyratorycircus
Copy link
Contributor

This allows basic auth credentials to be used for the appId, masterKey, and javascriptKey only when the basic auth username is a known appId, otherwise the header or body params will be used for credentials as usual. Addresses issue #2573.

@codecov-io
Copy link

codecov-io commented Aug 24, 2016
edited
Loading

Current coverage is 92.15% (diff: 100%)

Merging #2574 into master will increase coverage by 0.04%

@@             master      #2574   diff @@
==========================================
  Files            97         97          
  Lines         11927      11930     +3   
  Methods        1454       1454          
  Messages          0          0          
  Branches       1929       1930     +1   
==========================================
+ Hits          10986      10994     +8   
+ Misses          941        936     -5   
  Partials          0          0

Powered by Codecov. Last update 5ca4844...94131e1

@ghost
Copy link

ghost commented Aug 24, 2016

@gyratorycircus updated the pull request - view changes

@ghost
Copy link

ghost commented Aug 24, 2016

@gyratorycircus updated the pull request - view changes

@flovilmart flovilmart merged commit 2aa14ad into parse-community:master Aug 25, 2016
@flovilmart
Copy link
Contributor

LGTM!

@hramos hramos mentioned this pull request Aug 25, 2016
Closed
4 tasks
caoer added a commit to caoer/parse-server that referenced this pull request Aug 29, 2016
@caoer
Merge remote-tracking branch 'ParsePlatform/master'
4da46a6 
* ParsePlatform/master: (100 commits)
  Only allow basic auth credentials with a known appId (parse-community#2574)
  vk.com provider registered (parse-community#2579)
  chore(package): update parse-server-push-adapter to version 1.1.0 (parse-community#2588)
  vk.com auth data manager implemented (parse-community#2578)
  Fix a typo (parse-community#2563)
  Makes sure routes don't overlap and yield a header set error (parse-community#2559)
  Postgres: $all, $and CLP and more (parse-community#2551)
  Changelog 2.2.18 (parse-community#2558)
  chore(package): update winston-daily-rotate-file to version 1.3.0 (parse-community#2547)
  chore(package): update parse-server-s3-adapter to version 1.0.5 (parse-community#2536)
  Adds bcrypt native binding for better login performance (parse-community#2549)
  chore(package): update mongodb to version 2.2.7 (parse-community#2554)
  Make parse-server cloud code logging closer parse.com legacy (parse-community#2550)
  chore(package): update pg-promise to version 5.3.1 (parse-community#2519)
  Postgres: Operations, Hooks, OAuth login, Files support (parse-community#2528)
  Syncing afterSave/afterDelete trigger calls (Issue parse-community#2489) (parse-community#2499)
  Updated README.md (parse-community#2538)
  Fix capitalization, typo, and grammar mistake (parse-community#2533)
  Update ISSUE_TEMPLATE.md
  fix typo (parse-community#2525)
  ...
@flovilmart flovilmart modified the milestone: 2.2.19 Aug 30, 2016
@kschiffmann
Copy link

Can someone help me with basic auth on Parse Server? Basically, I think I need the syntax for adding the masterKey...

I have a Parse Server installed on Heroku with Parse Cloud code that I can verify is handling POSTs via "curl" commands, but am getting authorization errors via "basic HTTP authentication".

This works (I have taken out the -d data clause for clarity):

curl -X POST -H "X-Parse-Application-Id: " -H "X-Parse-Master-Key: KEY" -H "X-Parse-REST-API-Key: KEY" -H "Content-Type: application/json" https://SERVER.herokuapp.com/parse/functions/bloodPressureMonitorData

this URL w/basic authentication does not:

https://KEY:javascript-key:[email protected]/parse/functions/bloodPressureMonitorData

Maybe I need the "master key" too? But I don't know the syntax for that...

@flovilmart flovilmart mentioned this pull request Mar 20, 2017
Closed
@gyratorycircus gyratorycircus deleted the patch-1 branch November 8, 2017 19:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.2.19
Development

Successfully merging this pull request may close these issues.
4 participants
@gyratorycircus @codecov-io @flovilmart @kschiffmann