From 8053875d45dbc2a3ae46335f9f55ed139e8b0d1f Mon Sep 17 00:00:00 2001
From: Richard Hansen <rhansen@rhansen.org>
Date: Mon, 28 Feb 2022 19:20:55 -0500
Subject: [PATCH] pad_utils: Factor out author token generation

---
 src/static/js/pad.js                | 2 +-
 src/static/js/pad_utils.js          | 6 ++++++
 src/tests/backend/common.js         | 3 ++-
 src/tests/backend/specs/messages.js | 2 +-
 4 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/static/js/pad.js b/src/static/js/pad.js
index e831454de..07fffa6d2 100644
--- a/src/static/js/pad.js
+++ b/src/static/js/pad.js
@@ -178,7 +178,7 @@ const sendClientReady = (isReconnect) => {
 
   let token = Cookies.get('token');
   if (token == null) {
-    token = `t.${randomString()}`;
+    token = padutils.generateAuthorToken();
     Cookies.set('token', token, {expires: 60});
   }
 
diff --git a/src/static/js/pad_utils.js b/src/static/js/pad_utils.js
index 4a33ef449..ac45d9ca3 100644
--- a/src/static/js/pad_utils.js
+++ b/src/static/js/pad_utils.js
@@ -327,6 +327,12 @@ const padutils = {
       return cc;
     }
   }),
+
+  /**
+   * Returns a string that can be used in the `token` cookie as a secret that authenticates a
+   * particular author.
+   */
+  generateAuthorToken: () => `t.${randomString()}`,
 };
 
 let globalExceptionHandler = null;
diff --git a/src/tests/backend/common.js b/src/tests/backend/common.js
index 000354232..1433597f7 100644
--- a/src/tests/backend/common.js
+++ b/src/tests/backend/common.js
@@ -5,6 +5,7 @@ const apiHandler = require('../../node/handler/APIHandler');
 const assert = require('assert').strict;
 const io = require('socket.io-client');
 const log4js = require('log4js');
+const {padutils} = require('../../static/js/pad_utils');
 const process = require('process');
 const server = require('../../node/server');
 const setCookieParser = require('set-cookie-parser');
@@ -172,7 +173,7 @@ exports.connect = async (res = null) => {
  * @param {string} padId - Which pad to join.
  * @returns The CLIENT_VARS message from the server.
  */
-exports.handshake = async (socket, padId, token = 't.12345') => {
+exports.handshake = async (socket, padId, token = padutils.generateAuthorToken()) => {
   logger.debug('sending CLIENT_READY...');
   socket.send({
     component: 'pad',
diff --git a/src/tests/backend/specs/messages.js b/src/tests/backend/specs/messages.js
index 55b8807ac..bccb2584d 100644
--- a/src/tests/backend/specs/messages.js
+++ b/src/tests/backend/specs/messages.js
@@ -37,7 +37,7 @@ describe(__filename, function () {
     roPadId = await readOnlyManager.getReadOnlyId(padId);
     res = await agent.get(`/p/${roPadId}`).expect(200);
     roSocket = await common.connect(res);
-    await common.handshake(roSocket, roPadId, `t.${common.randomString(8)}`);
+    await common.handshake(roSocket, roPadId);
   });
 
   afterEach(async function () {