Merge branch 'v2.x/staging' into bugfix/v2/ha-mode-detection

Signed-off-by: 1000TurquoisePogs <[email protected]>
zowe · Jan 9, 2024 · 8e8ac6a · 8e8ac6a
2 parents 9a52425 + 698a5ea
commit 8e8ac6a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,8 +4,9 @@ All notable changes to the Zlux Server Framework package will be documented in t
 This repo is part of the app-server Zowe Component, and the change logs here may appear on Zowe.org in that section.
 
 ## 2.14.0
-- Bugfix: App-server would not correctly detect when it was running in a high-availability configuration environment.
-
+- Bugfix: App-server would not correctly detect when it was running in a high-availability configuration environment. (#521)
+- Bugfix: A call to GET /plugins would trigger an authorization check regardless of if rbac was set on or off (#523)
+
 ## 2.13.0
 - Added support for using zowe.network and components.app-server.zowe.network to set listener IP and TLS properties including max and min version, ciphers, and ECDH curves. (#511)
 - Enhanced cipher customization to allow for ciphers to be specified in IANA format in addition to the existing OpenSSL format. (#511)

diff --git a/lib/webauth.js b/lib/webauth.js
@@ -500,7 +500,7 @@ module.exports = function(authManager, cookieIdentifier, isSecurePort) {
         authLogger.debug(`${req.session.id}: Initiating isAuthorized check with ${handler.pluginID}`);        
         result = yield handler.authorized(req, authPluginSession, {
           syncOnly: isWebsocket,
-          bypassAuthorizatonCheck: !authManager.isRbacEnabled
+          bypassAuthorizatonCheck: !authManager.isRbacEnabled()
         });
         next();
         return;