mirror of
https://github.com/ether/etherpad-lite.git
synced 2025-04-20 15:36:16 -04:00
pass correct padID to checkAccess if pad is requested via readOnly link
This commit is contained in:
vileda
parent
ef4e0d0eb0
commit
77c2313025
2 changed files with 34 additions and 17 deletions
|
|
@ -23,6 +23,7 @@ var ERR = require("async-stacktrace");
|
|||
var log4js = require('log4js');
|
||||
var messageLogger = log4js.getLogger("message");
|
||||
var securityManager = require("../db/SecurityManager");
|
||||
var readOnlyManager = require("../db/ReadOnlyManager");
|
||||
var settings = require('../utils/Settings');
|
||||
|
||||
/**
|
||||
|
|
@ -87,23 +88,29 @@ exports.setSocketIO = function(_socket) {
|
|||
handleMessage(client, message);
|
||||
} else { //try to authorize the client
|
||||
if(message.padId !== undefined && message.sessionID !== undefined && message.token !== undefined && message.password !== undefined) {
|
||||
//this message has everything to try an authorization
|
||||
securityManager.checkAccess (message.padId, message.sessionID, message.token, message.password,
|
||||
function(err, statusObject) {
|
||||
ERR(err);
|
||||
var checkAccessCallback = function(err, statusObject) {
|
||||
ERR(err);
|
||||
|
||||
//access was granted, mark the client as authorized and handle the message
|
||||
if(statusObject.accessStatus == "grant") {
|
||||
clientAuthorized = true;
|
||||
handleMessage(client, message);
|
||||
}
|
||||
//no access, send the client a message that tell him why
|
||||
else {
|
||||
messageLogger.warn("Authentication try failed:" + stringifyWithoutPassword(message));
|
||||
client.json.send({accessStatus: statusObject.accessStatus});
|
||||
}
|
||||
//access was granted, mark the client as authorized and handle the message
|
||||
if(statusObject.accessStatus == "grant") {
|
||||
clientAuthorized = true;
|
||||
handleMessage(client, message);
|
||||
}
|
||||
);
|
||||
//no access, send the client a message that tell him why
|
||||
else {
|
||||
messageLogger.warn("Authentication try failed:" + stringifyWithoutPassword(message));
|
||||
client.json.send({accessStatus: statusObject.accessStatus});
|
||||
}
|
||||
};
|
||||
if (message.padId.indexOf("r.") === 0) {
|
||||
readOnlyManager.getPadId(message.padId, function(err, value) {
|
||||
ERR(err);
|
||||
securityManager.checkAccess (value, message.sessionID, message.token, message.password, checkAccessCallback);
|
||||
});
|
||||
} else {
|
||||
//this message has everything to try an authorization
|
||||
securityManager.checkAccess (message.padId, message.sessionID, message.token, message.password, checkAccessCallback);
|
||||
}
|
||||
} else { //drop message
|
||||
messageLogger.warn("Dropped message cause of bad permissions:" + stringifyWithoutPassword(message));
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue