Node.js - Beginner -- What am I missing?
In the Node.js - Beginner collection there is a practical lab on Forced Browsing. I have completed what is set up as the criteria for the lab, but it keeps telling me that the code isn't secure.
I have tested with two different users and the solution works to prevent forced browsing.
Is there some other criteria that needs to be met that I'm missing?
Remediation:
Authorization check: returns a 401 if the user isn't logged in
I have also added the author check to verify that only the logged in user retrieves their own drafts.
You could add a check if the id actually exists to your code, but that will not help to make your code pass.
All in all, for 100 points that's too much code. Try this:
exports.getDraft = async (req, res) => {
  return res.status(401).send("Unauthorized");
}
-> When testers fail to implement proper tests, the customer gets partially functional software. At least the tests are passed and the code can be shipped to production immediately.
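An added example, not code from the lab or from either poster: the three checks discussed in this thread (login, draft exists, draft belongs to the logged-in user), together with four test requests that tell a real implementation apart from the always-401 stub. The in-memory `drafts` store, the `req.user` shape and the helper names `decideDraftAccess`, `alwaysUnauthorized` and `statusesFor` are assumptions made for illustration.

```javascript
// Constructed sample data standing in for the lab's draft store (assumption).
const drafts = new Map([
  ["1", { id: "1", authorId: "alice", body: "Alice's draft" }],
  ["2", { id: "2", authorId: "bob", body: "Bob's draft" }],
]);

// Pure access decision so it can be tested without an HTTP server.
// `user` is whatever the auth middleware attached to the request (assumed shape: { id }).
function decideDraftAccess(user, draftId) {
  // 1. Authentication: nobody is logged in.
  if (!user || !user.id) return { status: 401, body: "Unauthorized" };
  // 2. Existence: unknown id.
  const draft = drafts.get(String(draftId));
  if (!draft) return { status: 404, body: "Not Found" };
  // 3. Ownership: logged in, but the draft belongs to someone else.
  //    (Returning 404 here instead also works and avoids confirming the id exists.)
  if (draft.authorId !== user.id) return { status: 403, body: "Forbidden" };
  return { status: 200, body: draft };
}

// Express-style handler; in the lab's layout this would be assigned to exports.getDraft.
async function getDraft(req, res) {
  const { status, body } = decideDraftAccess(req.user, req.params.id);
  return res.status(status).send(body);
}

// The stub from the reply above, expressed as a decision function for comparison.
function alwaysUnauthorized() {
  return { status: 401, body: "Unauthorized" };
}

// Four requests a test suite should cover; returns the status code for each.
function statusesFor(decide) {
  const alice = { id: "alice" };
  return [
    decide(null, "1").status,   // anonymous request
    decide(alice, "1").status,  // owner reads own draft
    decide(alice, "2").status,  // forced browsing to another user's draft
    decide(alice, "99").status, // id that does not exist
  ];
}

console.log("real handler:", statusesFor(decideDraftAccess).join(","));
console.log("always-401 stub:", statusesFor(alwaysUnauthorized).join(","));
```

A test suite that only checks the anonymous case cannot tell the two apart; the owner case is what fails the stub.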