Commit

community: encourage good security in email checking (#1421)
The current regex is vulnerable to all sorts of attacks: `[email protected]` or `[email protected]`.
samuela authored and 0x777 committed Jan 24, 2019
1 parent ae63ed9 commit e7a42c6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion community/sample-apps/todo-auth0-jwt/README.md
Expand Up @@ -21,7 +21,7 @@ function (user, context, callback) {
{
'x-hasura-default-role': 'user',
// do some custom logic to decide allowed roles
'x-hasura-allowed-roles': user.email.match(/foobar.com/) ? ['user', 'admin'] : ['user'],
'x-hasura-allowed-roles': user.email === 'admin@foobar.com' ? ['user', 'admin'] : ['user'],
'x-hasura-user-id': user.user_id
};
callback(null, user, context);
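
Review bot: The new `'x-hasura-allowed-roles'` line still grants `admin` on the value of `user.email` alone, with no check that the address has been verified. In an Auth0 rule the user object also carries `email_verified`, and an account signed up with an unconfirmed `admin@foobar.com` would satisfy the exact comparison just as it satisfied the old regex. Suggest gating the role on both, e.g. `user.email_verified && user.email === 'admin@foobar.com'`, and extending the comment above the line to say why an exact match is used, so readers copying this sample do not revert to a substring or regex test.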