Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backend] Auth remove for post contact us Fixed #963

Merged
merged 3 commits into from
May 26, 2024
Merged

[Backend] Auth remove for post contact us Fixed #963

merged 3 commits into from
May 26, 2024
+7 −3

Conversation

Hemu21
Copy link
Contributor

@Hemu21 Hemu21 commented May 25, 2024

Issue that this pull request solves

Issue Link resolve #957
Closes: #957

Brief description of what is fixed or changed

Post contact us doesn't need auth, why because user post the data using contact us. Because of authentication user unable to post the data from contact us page. Now post contact us works fine.

Types of changes

Put an x in the boxes that apply

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update (Documentation content changed)
  • Other (please describe):

Checklist

Put an x in the boxes that apply

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • My changes does not break the current system and it passes all the current test cases.

@auto-assign auto-assign bot requested a review from Kajol-Kumari May 25, 2024 03:53
@Hemu21
Copy link
Contributor Author

Hemu21 commented May 25, 2024

@Kajol-Kumari when you have a free time please check and merge it.

Kajol-Kumari
Kajol-Kumari requested changes May 25, 2024
View reviewed changes
Copy link
Member

@Kajol-Kumari Kajol-Kumari left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Hemu21 as this is for a level2 issue, can you also add middle ware here - https://github.com/HITK-TECH-Community/Community-Website/blob/main/backend/app/routes/joinUs/index.js#L10

the delete and get call should only be accessible to admins

backend/app/routes/contactUs/index.js Outdated
@@ -7,7 +7,7 @@ const deleteContactUs = require('./delete');
const { authMiddleware } = require('../../../helpers/middlewares/auth');

router.get('/getcontactus', getContact);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can u add the authMiddleware here as only admins should be able to fetch this data

@Hemu21
Copy link
Contributor Author

Hemu21 commented May 26, 2024

@Kajol-Kumari updated can you please check.

github-advanced-security[bot]
github-advanced-security bot found potential problems May 26, 2024
View reviewed changes
backend/app/routes/contactUs/index.js
router.get('/getcontactus', getContact);
router.post('/',authMiddleware, validation(contactValidationSchema), postContact);
router.delete("/deleteContactUs",authMiddleware, deleteContactUs);
router.get('/getcontactus', authMiddleware, getContact);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
authorization
Loading
, but is not rate-limited.
backend/app/routes/contactUs/index.js
router.delete("/deleteContactUs",authMiddleware, deleteContactUs);
router.get('/getcontactus', authMiddleware, getContact);
router.post('/', validation(contactValidationSchema), postContact);
router.delete('/deleteContactUs', authMiddleware, deleteContactUs);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
authorization
Loading
, but is not rate-limited.
backend/app/routes/contactUs/index.js
router.delete("/deleteContactUs",authMiddleware, deleteContactUs);
router.get('/getcontactus', authMiddleware, getContact);
router.post('/', validation(contactValidationSchema), postContact);
router.delete('/deleteContactUs', authMiddleware, deleteContactUs);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
a database access
Loading
, but is not rate-limited.
Kajol-Kumari
Kajol-Kumari approved these changes May 26, 2024
View reviewed changes
Copy link
Member

@Kajol-Kumari Kajol-Kumari left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Kajol-Kumari Kajol-Kumari added level2 Bug fixing, adding small features. gssoc GSSoC'24 Label labels May 26, 2024
@Kajol-Kumari Kajol-Kumari merged commit 0854391 into HITK-TECH-Community:main May 26, 2024
6 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Kajol-Kumari Kajol-Kumari Kajol-Kumari approved these changes

Assignees

@Hemu21 Hemu21

Labels
gssoc GSSoC'24 Label level2 Bug fixing, adding small features.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Backend] Auth remove for post contact us
2 participants
@Hemu21 @Kajol-Kumari