Merge branch 'develop' of github.com:ether/etherpad-lite into develop
commit
50066d06e7
3 changed files with 29 additions and 9 deletions
|
@ -27,6 +27,8 @@ var padManager = require("./PadManager");
|
||||||
var sessionManager = require("./SessionManager");
|
var sessionManager = require("./SessionManager");
|
||||||
var settings = require("../utils/Settings");
|
var settings = require("../utils/Settings");
|
||||||
var randomString = require('ep_etherpad-lite/static/js/pad_utils').randomString;
|
var randomString = require('ep_etherpad-lite/static/js/pad_utils').randomString;
|
||||||
|
var log4js = require('log4js');
|
||||||
|
var authLogger = log4js.getLogger("auth");
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This function controlls the access to a pad, it checks if the user can access a pad.
|
* This function controlls the access to a pad, it checks if the user can access a pad.
|
||||||
|
@ -117,29 +119,41 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
|
||||||
//get information about all sessions contained in this cookie
|
//get information about all sessions contained in this cookie
|
||||||
function(callback)
|
function(callback)
|
||||||
{
|
{
|
||||||
if (!sessionCookie) {
|
if (!sessionCookie)
|
||||||
|
{
|
||||||
callback();
|
callback();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
var sessionIDs = sessionCookie.split(',');
|
var sessionIDs = sessionCookie.split(',');
|
||||||
async.forEach(sessionIDs, function(sessionID, callback) {
|
async.forEach(sessionIDs, function(sessionID, callback)
|
||||||
sessionManager.getSessionInfo(sessionID, function(err, sessionInfo) {
|
{
|
||||||
|
sessionManager.getSessionInfo(sessionID, function(err, sessionInfo)
|
||||||
|
{
|
||||||
//skip session if it doesn't exist
|
//skip session if it doesn't exist
|
||||||
if(err && err.message == "sessionID does not exist") return;
|
if(err && err.message == "sessionID does not exist")
|
||||||
|
{
|
||||||
|
authLogger.debug("Auth failed: unknown session");
|
||||||
|
callback();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if(ERR(err, callback)) return;
|
if(ERR(err, callback)) return;
|
||||||
|
|
||||||
var now = Math.floor(new Date().getTime()/1000);
|
var now = Math.floor(new Date().getTime()/1000);
|
||||||
|
|
||||||
//is it for this group?
|
//is it for this group?
|
||||||
if(sessionInfo.groupID != groupID) {
|
if(sessionInfo.groupID != groupID)
|
||||||
|
{
|
||||||
|
authLogger.debug("Auth failed: wrong group");
|
||||||
callback();
|
callback();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
//is validUntil still ok?
|
//is validUntil still ok?
|
||||||
if(sessionInfo.validUntil <= now){
|
if(sessionInfo.validUntil <= now)
|
||||||
|
{
|
||||||
|
authLogger.debug("Auth failed: validUntil");
|
||||||
callback();
|
callback();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -234,7 +248,11 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
|
||||||
//--> grant access
|
//--> grant access
|
||||||
statusObject = {accessStatus: "grant", authorID: sessionAuthor};
|
statusObject = {accessStatus: "grant", authorID: sessionAuthor};
|
||||||
//--> deny access if user isn't allowed to create the pad
|
//--> deny access if user isn't allowed to create the pad
|
||||||
if(settings.editOnly) statusObject.accessStatus = "deny";
|
if(settings.editOnly)
|
||||||
|
{
|
||||||
|
authLogger.debug("Auth failed: valid session & pad does not exist");
|
||||||
|
statusObject.accessStatus = "deny";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// there is no valid session avaiable AND pad exists
|
// there is no valid session avaiable AND pad exists
|
||||||
else if(!validSession && padExists)
|
else if(!validSession && padExists)
|
||||||
|
@ -266,6 +284,7 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
|
||||||
//- its not public
|
//- its not public
|
||||||
else if(!isPublic)
|
else if(!isPublic)
|
||||||
{
|
{
|
||||||
|
authLogger.debug("Auth failed: invalid session & pad is not public");
|
||||||
//--> deny access
|
//--> deny access
|
||||||
statusObject = {accessStatus: "deny"};
|
statusObject = {accessStatus: "deny"};
|
||||||
}
|
}
|
||||||
|
@ -277,6 +296,7 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
|
||||||
// there is no valid session avaiable AND pad doesn't exists
|
// there is no valid session avaiable AND pad doesn't exists
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
authLogger.debug("Auth failed: invalid session & pad does not exist");
|
||||||
//--> deny access
|
//--> deny access
|
||||||
statusObject = {accessStatus: "deny"};
|
statusObject = {accessStatus: "deny"};
|
||||||
}
|
}
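Review bot: The new `authLogger.debug` calls inside the `async.forEach` over `sessionIDs` report "Auth failed: …" for each individual cookie entry, although another session ID in the same cookie may still validate, so the log can show a failure for a request that is later granted. None of the new messages carries `padID`, which makes the deny lines in the later branches hard to correlate with a pad during incident review. I would word the per-session lines as skips and include the pad, e.g. `authLogger.debug("Session skipped (wrong group) for pad " + padID);`, while keeping the session ID, token and password out of the log text. `checkAccess` starts and ends outside these hunks, so how `validSession` is derived from the loop is not visible here.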
|
||||||
|
|
|
@ -191,7 +191,7 @@ function handshake()
|
||||||
createCookie("token", token, 60);
|
createCookie("token", token, 60);
|
||||||
}
|
}
|
||||||
|
|
||||||
var sessionID = readCookie("sessionID");
|
var sessionID = decodeURIComponent(readCookie("sessionID"));
|
||||||
var password = readCookie("password");
|
var password = readCookie("password");
|
||||||
|
|
||||||
var msg = {
|
var msg = {
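Review bot: `decodeURIComponent(readCookie("sessionID"))` in `handshake()` turns a missing cookie into a string if `readCookie` returns `null` for an absent cookie (its body is not visible here): `decodeURIComponent(null)` yields `"null"`, which is truthy and would presumably be sent on and looked up as a session ID instead of taking the server's `if (!sessionCookie)` early return. The call also throws `URIError` on a malformed percent sequence, which would abort the handshake. Guard it, e.g. `var rawSessionID = readCookie("sessionID");` followed by `var sessionID = rawSessionID ? decodeURIComponent(rawSessionID) : rawSessionID;`, and consider a `try`/`catch` that falls back to no session. The same line is added in `sendSocketMsg` in the `init()` hunk of the next file; `handshake()` itself continues outside this hunk.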
|
||||||
|
|
|
@ -116,7 +116,7 @@ function init() {
|
||||||
//sends a message over the socket
|
//sends a message over the socket
|
||||||
function sendSocketMsg(type, data)
|
function sendSocketMsg(type, data)
|
||||||
{
|
{
|
||||||
var sessionID = readCookie("sessionID");
|
var sessionID = decodeURIComponent(readCookie("sessionID"));
|
||||||
var password = readCookie("password");
|
var password = readCookie("password");
|
||||||
|
|
||||||
var msg = { "component" : "pad", // FIXME: Remove this stupidity!
|
var msg = { "component" : "pad", // FIXME: Remove this stupidity!
|
||||||
|
|