sonot
/
PteroTheme
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Respond 401 not 404 when bad request token

This commit is contained in:
Dane Everitt 2017-06-28 20:05:50 -05:00
parent 9ca5f97e65
commit 9515128b8a
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -3,6 +3,10 @@ This file is a running track of new features and fixes to each version of the pa
This project follows [Semantic Versioning](http://semver.org) guidelines. This project follows [Semantic Versioning](http://semver.org) guidelines.
## v0.6.4 (Courageous Carniadactylus)
### Changed
* Panel API for Daemon now responds with a `HTTP/401 Unauthorized` error when unable to locate a node with a given authentication token, rather than a `HTTP/404 Not Found` response.
## v0.6.3 (Courageous Carniadactylus) ## v0.6.3 (Courageous Carniadactylus)
### Fixed ### Fixed
* **[Security]** — Addresses an oversight in how the terminal rendered information sent from the server feed which allowed a malicious user to execute arbitrary commands on the game-server process itself by using a specifically crafted in-game command. * **[Security]** — Addresses an oversight in how the terminal rendered information sent from the server feed which allowed a malicious user to execute arbitrary commands on the game-server process itself by using a specifically crafted in-game command.

2
app/Http/Middleware/DaemonAuthenticate.php
View File

@ -76,7 +76,7 @@ class DaemonAuthenticate
$node = Node::where('daemonSecret', $request->header('X-Access-Node'))->first(); $node = Node::where('daemonSecret', $request->header('X-Access-Node'))->first();
if (! $node) { if (! $node) {
return abort(404); return abort(401);
} }
return $next($request); return $next($request);