encourage good security in email checking!

The current regex is vulnerable to all sorts of attacks: `[email protected]` or `[email protected]`.
hasura · Jan 21, 2019 · 0144cfc · 0144cfc
1 parent bf67e5e
commit 0144cfc
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/community/sample-apps/todo-auth0-jwt/README.md b/community/sample-apps/todo-auth0-jwt/README.md
@@ -21,7 +21,7 @@ function (user, context, callback) {
     { 
       'x-hasura-default-role': 'user',
       // do some custom logic to decide allowed roles
-      'x-hasura-allowed-roles': user.email.match(/foobar.com/) ? ['user', 'admin'] : ['user'],
+      'x-hasura-allowed-roles': user.email === 'admin@foobar.com' ? ['user', 'admin'] : ['user'],
       'x-hasura-user-id': user.user_id
     };
   callback(null, user, context);