fix: Remove fragment from AuthenticationHelper (#12477)

Tom Moor
2026-05-26 20:18:14 -04:00
committed by GitHub
parent b9addda229
commit 62788c45e0
2 changed files with 16 additions and 2 deletions
@@ -21,6 +21,20 @@ describe("AuthenticationHelper", () => {
expect(canAccess("/api/documents.info?foo=bar", scopes)).toBe(true);
});
it("should ignore URL fragment", async () => {
const scopes = ["/api/documents.info"];
expect(
canAccess("/api/documents.create#foo/api/documents.info", scopes)
).toBe(false);
expect(
canAccess("/api/documents.info#foo/api/documents.create", scopes)
).toBe(true);
expect(
canAccess("/api/documents.create?x=1#foo/api/documents.info", scopes)
).toBe(false);
});
it("should return false if no matching scope", async () => {
const scopes = ["/api/documents.info"];
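Review bot: The new "should ignore URL fragment" test covers a fragment after the path and after a query string, but not a `#` that appears before a `?`. That ordering is worth pinning, so a later refactor of the strip logic cannot make the result depend on which delimiter comes first. One more assertion in the same test would do it (sample value constructed for this note): `expect(canAccess("/api/documents.create#foo?/api/documents.info", scopes)).toBe(false);`. The `describe` block starts and ends outside the hunk, so other existing cases were not visible.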
+2 -2
@@ -39,8 +39,8 @@ export default class AuthenticationHelper {
return true;
}
// strip any query string, this is never used as part of scope matching
path = path.split("?")[0];
// strip any query string or fragment, these are never used as part of scope matching
path = path.split("?")[0].split("#")[0];
const resource = path.split("/").pop() ?? "";
const [namespace, method] = resource.split(".");
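Review bot: The scope check still derives `resource` from hand-split text (`path.split("/").pop()`), so it is only sound if this string is exactly the value the router dispatches on; the hunk does not show where `path` comes from. If it is the raw request URL, any remaining normalization difference between this helper and the router (trailing slash, percent-encoding) would leave the authorization decision and the handler looking at different paths. Prefer passing the router's already-parsed path into the helper, and state the invariant above the strip, e.g. `// path must be the value the router matched on; query string and fragment are stripped before scope matching`. The enclosing method starts and ends outside the hunk, so the rest of the matching was not reviewed.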