Forum Discussion

rfrymire
7 months ago
Solved

Node.js - Beginner -- What am I missing?

In the Node.js - Beginner collection there is a practical lab on Forced Browsing. I have completed what is setup as the criteria for the lab but it keeps telling me that the code isn't secure.

I have tested with two different users and the solution works to prevent forced browsing.

Are there some other criteria that need to be met that I'm missing?

Remediation:

Authorization check: returns a 401 if the user isn't logged in

I have also added the author check to verify that only the logged in user retrieves their own drafts.
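The remediation described in this post, written out as an added example (this is not the lab's code and not the poster's code): an Express-style getDraft handler that first answers 401 when there is no logged-in user, then loads the draft, then checks that the draft's author is the current user. The in-memory draft store, the findDraftById helper and the req/res stand-ins are assumptions made so the example runs without Express or a database.

```javascript
// Added example, not the lab's own code. Constructed in-memory draft store;
// a real application would query a database here.
const DRAFTS = new Map([
  ["d1", { id: "d1", authorId: "alice", body: "alice's first draft" }],
  ["d2", { id: "d2", authorId: "bob", body: "bob's draft" }],
]);

// Hypothetical data-access function standing in for the lab's model layer.
async function findDraftById(id) {
  return DRAFTS.get(id) || null;
}

// Pure access decision: given the session user (or null when not logged in)
// and the draft found for the requested id (or null), return status and body.
// Order matters: authentication first, then existence, then ownership.
function authorizeDraftAccess(user, draft) {
  if (!user || !user.id) return { status: 401, body: "Unauthorized" }; // not logged in
  if (!draft) return { status: 404, body: "Not found" };               // id does not exist
  if (draft.authorId !== user.id) return { status: 403, body: "Forbidden" }; // not the author
  return { status: 200, body: { id: draft.id, body: draft.body } };
}

// The handler in the shape the lab uses (exports.getDraft = async (req, res) => ...).
// The store is only consulted for an authenticated caller, so an anonymous
// request cannot be used to learn which draft ids exist.
async function getDraft(req, res) {
  const user = req.user || null;
  const draft = user && user.id ? await findDraftById(req.params.id) : null;
  const decision = authorizeDraftAccess(user, draft);
  return res.status(decision.status).send(decision.body);
}

// Minimal res stand-in that records what the handler sent.
function makeRes() {
  const out = { statusCode: 200, body: undefined };
  return {
    status(code) { out.statusCode = code; return this; },
    send(payload) { out.body = payload; return out; },
    result: out,
  };
}

// Drive the handler with a session user (null for anonymous) and a draft id.
async function request(user, id) {
  const res = makeRes();
  await getDraft({ user, params: { id } }, res);
  return res.result;
}

// Stand-alone demonstration of the three outcomes.
Promise.all([
  request(null, "d1"),              // 401: not logged in
  request({ id: "alice" }, "d1"),   // 200: own draft
  request({ id: "bob" }, "d1"),     // 403: someone else's draft
  request({ id: "bob" }, "d9"),     // 404: no such draft
]).then((results) => results.forEach((r) => console.log(r.statusCode, r.body)));
```

Returning 403 for another user's draft makes the refusal explicit; an application that prefers not to reveal whether a draft id exists can return 404 in both the missing and the not-owned cases, and the decision function is the single place to change that.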


  • netcat
    7 months ago

    You could add a check if the id actually exists to your code, but that will not help to make your code pass.
    All in all, for 100 points that's too much code. Try this:

    exports.getDraft = async (req, res) => {
        return res.status(401).send("Unauthorized");
    }

    -> When testers fail to implement proper tests, the customer gets partially functional software. At least the tests are passed and the code can be shipped to production immediately.