From 01497aa399690e44393e91c19917d11d025df71b Mon Sep 17 00:00:00 2001
From: muxator
Date: Fri, 24 Apr 2020 02:55:20 +0200
Subject: [PATCH] SecurityManager: clarify the role of the token parameter (and cookie)
"token" is a random token representing the author, of the form t.randomstring_of_lenght_20. The random string is generated by the client. The cookie is used for every pad in the web UI, and is not used for HTTP API. This comes from the discussion at https://github.com/ether/etherpad-lite/issues/3563
---
 src/node/db/SecurityManager.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/node/db/SecurityManager.js b/src/node/db/SecurityManager.js
index dbc8d6f6d..d0fc6645a 100644
--- a/src/node/db/SecurityManager.js
+++ b/src/node/db/SecurityManager.js
@@ -30,7 +30,10 @@ var authLogger = log4js.getLogger("auth");
 * This function controlls the access to a pad, it checks if the user can access a pad.
 * @param padID the pad the user wants to access
 * @param sessionCookie the session the user has (set via api)
- * @param token the token of the author (randomly generated at client side, used for public pads)
+ * @param token a random token representing the author, of the form
+ * t.randomstring_of_lenght_20. The random string is generated by
+ * the client.
+ * Used for every pad in the web UI. Not used for the HTTP API.
 * @param password the password the user has given to access this pad, can be null
 * @return {accessStatus: grant|deny|wrongPassword|needPassword, authorID: a.xxxxxx})
 */
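Review bot: The new `@param token` text gives the token's format and origin but not its trust role. It is generated by the client and stands for the author, so if `authorID` in the `@return` line is derived from it (not visible in this hunk), it acts as a bearer secret for that identity. I would add a line such as ` *        Treat as a secret: whoever presents it is taken to be that author; do not log it.` The commit message says the value travels in a cookie, but the comment does not, so the sentence "Used for every pad in the web UI" should name the cookie as the transport. `lenght` in the added line should read `length`. The JSDoc block opens above the hunk and the documented function lies below it, so the comment cannot be checked against the code from here.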