From b3d986cbc18300aed80be3b3f44c9b883fca7742 Mon Sep 17 00:00:00 2001
From: nshandra <34254522+nshandra@users.noreply.github.com>
Date: Fri, 13 Dec 2024 13:28:10 +0100
Subject: [PATCH 1/5] test: bump d2-api version
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 2924ed1..1609e46 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,7 @@
 "@dhis2/d2-i18n-extract": "1.0.8",
 "@dhis2/d2-i18n-generate": "1.2.0",
 "@dhis2/ui": "6.12.0",
- "@eyeseetea/d2-api": "1.16.0-beta.6",
+ "@eyeseetea/d2-api": "1.16.1",
 "@eyeseetea/d2-ui-components": "2.9.0-beta.3",
 "@eyeseetea/feedback-component": "0.1.3-beta.1",
 "@material-ui/core": "4.12.4",
From b2381f947c803ac1ce9976c8511c2deb9a767bd1 Mon Sep 17 00:00:00 2001
From: nshandra <34254522+nshandra@users.noreply.github.com>
Date: Fri, 13 Dec 2024 14:18:35 +0100
Subject: [PATCH 2/5] test: insecure code try #3
---
 src/webapp/pages/app/Dhis2App.tsx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/webapp/pages/app/Dhis2App.tsx b/src/webapp/pages/app/Dhis2App.tsx
index e1c0dc5..eb33eeb 100644
--- a/src/webapp/pages/app/Dhis2App.tsx
+++ b/src/webapp/pages/app/Dhis2App.tsx
@@ -49,7 +49,8 @@ type Data = {
 async function getData(): Promise {
 const baseUrl = await getBaseUrl();
- const auth = env["VITE_DHIS2_AUTH"];
+ // const auth = env["VITE_DHIS2_AUTH"];
+ const auth = "ARBITRARY:AUTH";
 const [username = "", password = ""] = auth.split(":");
 const api = auth
 ? new D2Api({ baseUrl: baseUrl, auth: { username, password } })
From 5a521ea3166d6e42717a59e91811ae87281a7a2b Mon Sep 17 00:00:00 2001
From: nshandra <34254522+nshandra@users.noreply.github.com>
Date: Fri, 13 Dec 2024 14:29:03 +0100
Subject: [PATCH 3/5] test: insecure code try #4
---
 src/domain/entities/User.ts | 6 ++++++
 src/webapp/pages/app/Dhis2App.tsx | 1 -
 2 files changed, 6 insertions(+), 1 deletion(-)
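Review bot: `const auth = "ARBITRARY:AUTH";` in `getData` (patch 2/5, Dhis2App.tsx) hard-codes a username and password in source, where the removed line read them from `env["VITE_DHIS2_AUTH"]`; the literal is split and passed as `auth: { username, password }` to `new D2Api`. Because the string is never empty, the `auth ?` test is always true, so the ternary's other branch, which lies outside this hunk, can no longer be taken. I would restore `const auth = env["VITE_DHIS2_AUTH"];` and drop the commented-out copy; patch 3/5 removes the comment but keeps the literal. If `env` is Vite's client environment, a `VITE_`-prefixed value is compiled into the served bundle, so it is worth a comment such as `// dev-only: VITE_* values are embedded in the client build`. The body of `getData` continues past the end of the hunk.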
diff --git a/src/domain/entities/User.ts b/src/domain/entities/User.ts
index 9323f57..64dd279 100644
--- a/src/domain/entities/User.ts
+++ b/src/domain/entities/User.ts
@@ -21,4 +21,10 @@ export class User extends Struct() {
 isAdmin(): boolean {
 return this.userRoles.some(({ authorities }) => authorities.includes("ALL"));
 }
+
+ getPassword() {
+ const suffix = Math.random();
+ const password = "myPassword" + suffix;
+ return password;
+ }
 }
diff --git a/src/webapp/pages/app/Dhis2App.tsx b/src/webapp/pages/app/Dhis2App.tsx
index eb33eeb..d5262c2 100644
--- a/src/webapp/pages/app/Dhis2App.tsx
+++ b/src/webapp/pages/app/Dhis2App.tsx
@@ -49,7 +49,6 @@ type Data = {
 async function getData(): Promise {
 const baseUrl = await getBaseUrl();
- // const auth = env["VITE_DHIS2_AUTH"];
 const auth = "ARBITRARY:AUTH";
 const [username = "", password = ""] = auth.split(":");
 const api = auth
From 5b87dbd03ead5b902e2de925dcde28b69a22ee8b Mon Sep 17 00:00:00 2001
From: nshandra <34254522+nshandra@users.noreply.github.com>
Date: Tue, 17 Dec 2024 09:09:00 +0100
Subject: [PATCH 4/5] test: insecure code try #5
---
 src/domain/entities/User.ts | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/domain/entities/User.ts b/src/domain/entities/User.ts
index 64dd279..a6c5fe4 100644
--- a/src/domain/entities/User.ts
+++ b/src/domain/entities/User.ts
@@ -27,4 +27,11 @@ export class User extends Struct() {
 const password = "myPassword" + suffix;
 return password;
 }
+
+ getPassword2() {
+ const suffix = Math.random();
+ const suffix2 = Math.random();
+ const password = "myPassword" + suffix + suffix2;
+ return password;
+ }
 }
From 9f336b2534c182ecc31e44d3076c68ba423ba0b6 Mon Sep 17 00:00:00 2001
From: nshandra <34254522+nshandra@users.noreply.github.com>
Date: Tue, 17 Dec 2024 09:23:03 +0100
Subject: [PATCH 5/5] test: insecure code try #6
---
 src/data/repositories/UserD2Repository.ts | 1 +
 1 file changed, 1 insertion(+)
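Review bot: `getPassword()` (patch 3/5, User.ts) builds its value from `Math.random()`, which is not a cryptographically secure generator, and prepends the fixed string `"myPassword"`, so the result is unsuitable as a password or any other secret; `getPassword2()` in patch 4/5 repeats the same construction with two draws. If a random secret is really needed here, take it from the platform CSPRNG, e.g. `const bytes = crypto.getRandomValues(new Uint8Array(16));`, and encode those bytes without a constant prefix. Both methods read no instance state and return a new value on every call, so the name suggests a stored credential the entity does not hold. An explicit `: string` return type and a doc comment saying what the value is for would help, or the helper could live outside the `User` entity. The `User` class starts outside both hunks.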
diff --git a/src/data/repositories/UserD2Repository.ts b/src/data/repositories/UserD2Repository.ts
index 72a7f74..9b0c340 100644
--- a/src/data/repositories/UserD2Repository.ts
+++ b/src/data/repositories/UserD2Repository.ts
@@ -37,6 +37,7 @@ export class UserD2Repository implements UserRepository {
 })
 ).map(d2User => {
 const res = this.buildUser(d2User);
+ const password = "myPassword" + Math.random();
 return res;
 });
 }
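Review bot: The added `const password = "myPassword" + Math.random();` inside the `.map` callback is never read: the callback still returns `res` unchanged, so the line only adds a discarded computation for every mapped user and will be reported by unused-variable linting. I would delete the line. If a later change is meant to attach a generated secret to the user, it should not be derived from `Math.random()` with a fixed prefix, since that generator is not cryptographically secure. The enclosing method starts outside the hunk.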