(permissions)
| 2548 | |
| 2549 | describe('(GHSA-4m9m-p9j9-5hjw) User enumeration via signup endpoint', () => { |
| 2550 | async function updateCLP(permissions) { |
| 2551 | const response = await fetch(Parse.serverURL + '/schemas/_User', { |
| 2552 | method: 'PUT', |
| 2553 | headers: { |
| 2554 | 'X-Parse-Application-Id': Parse.applicationId, |
| 2555 | 'X-Parse-Master-Key': Parse.masterKey, |
| 2556 | 'Content-Type': 'application/json', |
| 2557 | }, |
| 2558 | body: JSON.stringify({ classLevelPermissions: permissions }), |
| 2559 | }); |
| 2560 | const body = await response.json(); |
| 2561 | if (body.error) { |
| 2562 | throw body; |
| 2563 | } |
| 2564 | } |
| 2565 | |
| 2566 | it('does not reveal existing username when public create CLP is disabled', async () => { |
| 2567 | const user = new Parse.User(); |
no test coverage detected