diff options
author | drebs <drebs@leap.se> | 2016-12-18 12:56:21 -0200 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2017-02-09 17:41:33 +0100 |
commit | a39af0e003ba95c9b7ab554aa4a4c5ce316a43c7 (patch) | |
tree | 1f7bb3b42724f3646af6ebe77509a70a924a5963 /server/src/leap | |
parent | db7607768310c9f9993d771cf1951d396be2554b (diff) |
[bug] disallow all requests to "user-{uuid}/"
Diffstat (limited to 'server/src/leap')
-rw-r--r-- | server/src/leap/soledad/server/auth.py | 11 |
1 files changed, 2 insertions, 9 deletions
diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py index b0764569..f3d9c8a8 100644 --- a/server/src/leap/soledad/server/auth.py +++ b/server/src/leap/soledad/server/auth.py @@ -100,7 +100,7 @@ class URLToAuthorization(object): /shared-db/docs | - /shared-db/doc/{any_id} | GET, PUT, DELETE /shared-db/sync-from/{source} | - - /user-db | GET, PUT, DELETE + /user-db | - /user-db/docs | - /user-db/doc/{id} | - /user-db/sync-from/{source} | GET, PUT, POST @@ -108,19 +108,12 @@ class URLToAuthorization(object): # auth info for global resource self._register('/', [self.HTTP_METHOD_GET]) # auth info for shared-db database resource - self._register( - '/%s' % SHARED_DB_NAME, - [self.HTTP_METHOD_GET]) + self._register('/%s' % SHARED_DB_NAME, [self.HTTP_METHOD_GET]) # auth info for shared-db doc resource self._register( '/%s/doc/{id:.*}' % SHARED_DB_NAME, [self.HTTP_METHOD_GET, self.HTTP_METHOD_PUT, self.HTTP_METHOD_DELETE]) - # auth info for user-db database resource - self._register( - '/%s' % self._user_db_name, - [self.HTTP_METHOD_GET, self.HTTP_METHOD_PUT, - self.HTTP_METHOD_DELETE]) # auth info for user-db sync resource self._register( '/%s/sync-from/{source_replica_uid}' % self._user_db_name, |