6408d2313c
If `settings.json` contains a user without a `password` property then nobody should be able to log in as that user using the built-in HTTP basic authentication. This is true both with and without this change, but before this change it wasn't immediately obvious that a malicious user couldn't use an empty or null password to log in as such a user. This commit adds an explicit nullish check and some unit tests to ensure that an empty or null password will not work if the `password` property is null or undefined. |
||
---|---|---|
.. | ||
backend | ||
container | ||
frontend | ||
ratelimit | ||
README.md |
README.md
About this folder: Tests
Before running the tests, start an Etherpad instance on your machine.
Frontend
To run the frontend tests, point your browser to <yourdomainhere>/tests/frontend
Backend
To run the backend tests, run cd src
and then npm test