Github admin endpoint: use basic auth password instead of username (#1317)

Paul Melnikow
2017-12-03 15:07:58 -05:00
committed by GitHub
parent 7e668c74b6
commit 1d313bdd19


@@ -120,10 +120,14 @@ function setRoutes(server) {
// - Ensure tokens have been propagated to all servers
// - Debug GitHub badge failures
//
// The admin can authenticate with HTTP Basic Auth, with the shields secret
// in the username and an empty/any password.
// The admin can authenticate with HTTP Basic Auth, with an empty/any
// username and the shields secret in the password and an empty/any
// password.
//
// e.g.
// curl -u ':very-very-secret' 'https://example.com/$github-auth/tokens'
server.ajax.on('github-auth/tokens', (json, end, ask) => {
if (! constEq(ask.username, serverSecrets.shieldsSecret)) {
if (! constEq(ask.password, serverSecrets.shieldsSecret)) {
// An unknown entity tries to connect. Let the connection linger for a minute.
return setTimeout(function() { end('Invalid secret.'); }, 10000);
}
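Review bot: The rewritten comment above the `github-auth/tokens` handler still ends with "and an empty/any password", which contradicts the new check on `ask.password`; it should read `// The admin can authenticate with HTTP Basic Auth, with an empty/any` followed by `// username and the shields secret in the password.` The added curl example passes the secret as a command-line argument, where it ends up in shell history and process listings; since any username is accepted, `curl -u admin 'https://example.com/$github-auth/tokens'` lets curl prompt for the password instead. If `serverSecrets.shieldsSecret` can be unset or empty (not visible in this hunk), the handler should fail closed before calling `constEq`, for example `if (!serverSecrets.shieldsSecret) { return end('Invalid secret.'); }`, so that a blank password can never match. The unchanged comment says the connection lingers for a minute while the timer is 10000 ms, and the handler body continues outside the hunk.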