mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-24 01:16:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

webaccess: Split authFailure hook into authnFailure and authzFailure

Browse source 
This makes it possible for plugins to return different pages to the
user depending on whether the auth failure was authn or authz.
This commit is contained in:
Richard Hansen 2020-08-27 14:33:58 -04:00 committed by John McLear
parent 889a3f7261
commit ab5934cbda
3 changed files with 177 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

74
doc/api/hooks_server-side.md
View file

@ -308,7 +308,7 @@ Things in context:
This hook is called to handle authentication.
Plugins that supply an authenticate function should probably also supply an
authFailure function unless falling back to HTTP basic authentication is
authnFailure function unless falling back to HTTP basic authentication is
appropriate upon authentication failure.
This hook is only called if either the `requireAuthentication` setting is true
@ -359,10 +359,12 @@ Things in context:
2. res - the response object
3. next - ?
**DEPRECATED:** Use authnFailure or authzFailure instead.
This hook is called to handle an authentication or authorization failure.
Plugins that supply an authenticate function should probably also supply an
authFailure function unless falling back to HTTP basic authentication is
authnFailure function unless falling back to HTTP basic authentication is
appropriate upon authentication failure.
A plugin's authFailure function is only called if all of the following are true:
@ -370,6 +372,10 @@ A plugin's authFailure function is only called if all of the following are true:
* There was an authentication or authorization failure.
* The failure was not already handled by an authFailure function from another
plugin.
* For authentication failures: The failure was not already handled by the
authnFailure hook.
* For authorization failures: The failure was not already handled by the
authzFailure hook.
Calling the provided callback with `[true]` tells Etherpad that the failure was
handled and no further error handling is required. Calling the callback with
@ -389,6 +395,70 @@ exports.authFailure = (hookName, context, cb) => {
};
```
## authnFailure
Called from: src/node/hooks/express/webaccess.js
Things in context:
1. req - the request object
2. res - the response object
This hook is called to handle an authentication failure.
Plugins that supply an authenticate function should probably also supply an
authnFailure function unless falling back to HTTP basic authentication is
appropriate upon authentication failure.
A plugin's authnFailure function is only called if the authentication failure
was not already handled by an authnFailure function from another plugin.
Calling the provided callback with `[true]` tells Etherpad that the failure was
handled and no further error handling is required. Calling the callback with
`[]` or `undefined` defers error handling to an authnFailure function from
another plugin (if any, otherwise fall back to the deprecated authFailure hook).
Example:
```
exports.authnFailure = (hookName, context, cb) => {
if (notApplicableToThisPlugin(context)) return cb([]);
context.res.redirect(makeLoginURL(context.req));
return cb([true]);
};
```
## authzFailure
Called from: src/node/hooks/express/webaccess.js
Things in context:
1. req - the request object
2. res - the response object
This hook is called to handle an authorization failure.
A plugin's authzFailure function is only called if the authorization failure was
not already handled by an authzFailure function from another plugin.
Calling the provided callback with `[true]` tells Etherpad that the failure was
handled and no further error handling is required. Calling the callback with
`[]` or `undefined` defers error handling to an authzFailure function from
another plugin (if any, otherwise fall back to the deprecated authFailure hook).
Example:
```
exports.authzFailure = (hookName, context, cb) => {
if (notApplicableToThisPlugin(context)) return cb([]);
if (needsPremiumAccount(context.req) && !context.req.session.user.premium) {
context.res.status(200).send(makeUpgradeToPremiumAccountPage(context.req));
return cb([true]);
}
// Use the generic 403 forbidden response.
return cb([]);
};
```
## handleMessage
Called from: src/node/handler/PadMessageHandler.js