Merge branch 'develop' of github.com:ether/etherpad-lite into develop
This commit is contained in:
John McLear
commit
50066d06e7
3 changed files with 29 additions and 9 deletions
|
|
@ -27,6 +27,8 @@ var padManager = require("./PadManager");
|
|||
var sessionManager = require("./SessionManager");
|
||||
var settings = require("../utils/Settings");
|
||||
var randomString = require('ep_etherpad-lite/static/js/pad_utils').randomString;
|
||||
var log4js = require('log4js');
|
||||
var authLogger = log4js.getLogger("auth");
|
||||
|
||||
/**
|
||||
* This function controlls the access to a pad, it checks if the user can access a pad.
|
||||
|
|
@ -117,29 +119,41 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
|
|||
//get information about all sessions contained in this cookie
|
||||
function(callback)
|
||||
{
|
||||
if (!sessionCookie) {
|
||||
if (!sessionCookie)
|
||||
{
|
||||
callback();
|
||||
return;
|
||||
}
|
||||
|
||||
var sessionIDs = sessionCookie.split(',');
|
||||
async.forEach(sessionIDs, function(sessionID, callback) {
|
||||
sessionManager.getSessionInfo(sessionID, function(err, sessionInfo) {
|
||||
async.forEach(sessionIDs, function(sessionID, callback)
|
||||
{
|
||||
sessionManager.getSessionInfo(sessionID, function(err, sessionInfo)
|
||||
{
|
||||
//skip session if it doesn't exist
|
||||
if(err && err.message == "sessionID does not exist") return;
|
||||
if(err && err.message == "sessionID does not exist")
|
||||
{
|
||||
authLogger.debug("Auth failed: unknown session");
|
||||
callback();
|
||||
return;
|
||||
}
|
||||
|
||||
if(ERR(err, callback)) return;
|
||||
|
||||
var now = Math.floor(new Date().getTime()/1000);
|
||||
|
||||
//is it for this group?
|
||||
if(sessionInfo.groupID != groupID) {
|
||||
if(sessionInfo.groupID != groupID)
|
||||
{
|
||||
authLogger.debug("Auth failed: wrong group");
|
||||
callback();
|
||||
return;
|
||||
}
|
||||
|
||||
//is validUntil still ok?
|
||||
if(sessionInfo.validUntil <= now){
|
||||
if(sessionInfo.validUntil <= now)
|
||||
{
|
||||
authLogger.debug("Auth failed: validUntil");
|
||||
callback();
|
||||
return;
|
||||
}
|
||||
|
|
@ -234,7 +248,11 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
|
|||
//--> grant access
|
||||
statusObject = {accessStatus: "grant", authorID: sessionAuthor};
|
||||
//--> deny access if user isn't allowed to create the pad
|
||||
if(settings.editOnly) statusObject.accessStatus = "deny";
|
||||
if(settings.editOnly)
|
||||
{
|
||||
authLogger.debug("Auth failed: valid session & pad does not exist");
|
||||
statusObject.accessStatus = "deny";
|
||||
}
|
||||
}
|
||||
// there is no valid session avaiable AND pad exists
|
||||
else if(!validSession && padExists)
|
||||
|
|
@ -266,6 +284,7 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
|
|||
//- its not public
|
||||
else if(!isPublic)
|
||||
{
|
||||
authLogger.debug("Auth failed: invalid session & pad is not public");
|
||||
//--> deny access
|
||||
statusObject = {accessStatus: "deny"};
|
||||
}
|
||||
|
|
@ -277,6 +296,7 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
|
|||
// there is no valid session avaiable AND pad doesn't exists
|
||||
else
|
||||
{
|
||||
authLogger.debug("Auth failed: invalid session & pad does not exist");
|
||||
//--> deny access
|
||||
statusObject = {accessStatus: "deny"};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -191,7 +191,7 @@ function handshake()
|
|||
createCookie("token", token, 60);
|
||||
}
|
||||
|
||||
var sessionID = readCookie("sessionID");
|
||||
var sessionID = decodeURIComponent(readCookie("sessionID"));
|
||||
var password = readCookie("password");
|
||||
|
||||
var msg = {
|
||||
|
|
|
|||
|
|
@ -116,7 +116,7 @@ function init() {
|
|||
//sends a message over the socket
|
||||
function sendSocketMsg(type, data)
|
||||
{
|
||||
var sessionID = readCookie("sessionID");
|
||||
var sessionID = decodeURIComponent(readCookie("sessionID"));
|
||||
var password = readCookie("password");
|
||||
|
||||
var msg = { "component" : "pad", // FIXME: Remove this stupidity!
|
||||
|
|
|
|||
Loading…
Reference in a new issue