Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Correcting the HTTP methods for the public urls of forgotPassword & resetPassword

Browse Source
This commit is contained in:
Arpit Mohan 2019-12-19 13:04:13 +05:30
parent f75331b116
commit 20ea476dc7
3 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java
View File

@ -87,9 +87,9 @@ public class SecurityConfig {
// This is because the flow enters AclFilter as well and needs to be whitelisted there // This is because the flow enters AclFilter as well and needs to be whitelisted there
.matchers(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/login"), .matchers(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/login"),
ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, USER_URL), ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, USER_URL),
ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, USER_URL + "/forgotPassword"), ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, USER_URL + "/forgotPassword"),
ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, USER_URL + "/verifyPasswordResetToken"), ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, USER_URL + "/verifyPasswordResetToken"),
ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, USER_URL + "/resetPassword")) ServerWebExchangeMatchers.pathMatchers(HttpMethod.PUT, USER_URL + "/resetPassword"))
.permitAll() .permitAll()
.pathMatchers("/public/**").permitAll() .pathMatchers("/public/**").permitAll()
.anyExchange() .anyExchange()

6
app/server/appsmith-server/src/main/resources/public/appsmith/authz/acl.rego
View File

@ -23,10 +23,10 @@ url_allow = true {
# All public URLs must go into this list. Anything not in this list requires an authenticated session to access # All public URLs must go into this list. Anything not in this list requires an authenticated session to access
public_operations = [ public_operations = [
{"method" : "POST", "url" : "/api/v1/users/forgotPassword" }, {"method" : "GET", "url" : "/api/v1/users/forgotPassword" },
{"method" : "POST", "url" : "/api/v1/users" }, {"method" : "POST", "url" : "/api/v1/users" },
{"method" : "POST", "url" : "/api/v1/users/verifyPasswordResetToken" }, {"method" : "GET", "url" : "/api/v1/users/verifyPasswordResetToken" },
{"method" : "POST", "url" : "/api/v1/users/resetPassword" }, {"method" : "PUT", "url" : "/api/v1/users/resetPassword" },
] ]
# This is a global list of all the routes for all controllers. Any new controller that is written must # This is a global list of all the routes for all controllers. Any new controller that is written must

BIN
app/server/appsmith-server/src/main/resources/public/bundle.tar.gz
View File

Binary file not shown.