mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-20 23:46:14 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

SecurityManager: Use constants for returned rejections

Browse source 
This reduces the chances of a typo-induced bug.
This commit is contained in:
Richard Hansen 2020-09-02 18:43:05 -04:00 committed by John McLear
parent 818194da90
commit db0bcb524e
1 changed files with 15 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

29
src/node/db/SecurityManager.js
View file

@ -26,6 +26,10 @@ var settings = require("../utils/Settings");
var log4js = require('log4js'); var log4js = require('log4js');
var authLogger = log4js.getLogger("auth"); var authLogger = log4js.getLogger("auth");
const DENY = Object.freeze({accessStatus: 'deny'});
const WRONG_PASSWORD = Object.freeze({accessStatus: 'wrongPassword'});
const NEED_PASSWORD = Object.freeze({accessStatus: 'needPassword'});
/** /**
* This function controlls the access to a pad, it checks if the user can access a pad. * This function controlls the access to a pad, it checks if the user can access a pad.
* @param padID the pad the user wants to access * @param padID the pad the user wants to access
@ -39,17 +43,14 @@ var authLogger = log4js.getLogger("auth");
*/ */
exports.checkAccess = async function(padID, sessionCookie, token, password) exports.checkAccess = async function(padID, sessionCookie, token, password)
{ {
// immutable object
let deny = Object.freeze({ accessStatus: "deny" });
if (!padID) { if (!padID) {
return deny; return DENY;
} }
// allow plugins to deny access // allow plugins to deny access
var deniedByHook = hooks.callAll("onAccessCheck", {'padID': padID, 'password': password, 'token': token, 'sessionCookie': sessionCookie}).indexOf(false) > -1; var deniedByHook = hooks.callAll("onAccessCheck", {'padID': padID, 'password': password, 'token': token, 'sessionCookie': sessionCookie}).indexOf(false) > -1;
if (deniedByHook) { if (deniedByHook) {
return deny; return DENY;
} }
// start to get author for this token // start to get author for this token
@ -62,13 +63,13 @@ exports.checkAccess = async function(padID, sessionCookie, token, password)
// a valid session is required (api-only mode) // a valid session is required (api-only mode)
if (!sessionCookie) { if (!sessionCookie) {
// without sessionCookie, access is denied // without sessionCookie, access is denied
return deny; return DENY;
} }
} else { } else {
// a session is not required, so we'll check if it's a public pad // a session is not required, so we'll check if it's a public pad
if (padID.indexOf("$") === -1) { if (padID.indexOf("$") === -1) {
// it's not a group pad, means we can grant access // it's not a group pad, means we can grant access
if (settings.editOnly && !(await p_padExists)) return deny; if (settings.editOnly && !(await p_padExists)) return DENY;
return {accessStatus: 'grant', authorID: await p_tokenAuthor}; return {accessStatus: 'grant', authorID: await p_tokenAuthor};
} }
} }
@ -190,14 +191,14 @@ exports.checkAccess = async function(padID, sessionCookie, token, password)
// - the pad is password protected but wrong password given // - the pad is password protected but wrong password given
// --> deny access, ask for new password and tell them that the password is wrong // --> deny access, ask for new password and tell them that the password is wrong
return { accessStatus: "wrongPassword" }; return WRONG_PASSWORD;
} }
if (isPasswordProtected && passwordStatus === "notGiven") { if (isPasswordProtected && passwordStatus === "notGiven") {
// - the pad is password protected but no password given // - the pad is password protected but no password given
// --> ask for password // --> ask for password
return { accessStatus: "needPassword" }; return NEED_PASSWORD;
} }
throw new Error("Oops, something wrong happend"); throw new Error("Oops, something wrong happend");
@ -213,7 +214,7 @@ exports.checkAccess = async function(padID, sessionCookie, token, password)
// --> deny access if user isn't allowed to create the pad // --> deny access if user isn't allowed to create the pad
if (settings.editOnly) { if (settings.editOnly) {
authLogger.debug("Auth failed: valid session & pad does not exist"); authLogger.debug("Auth failed: valid session & pad does not exist");
accessStatus = "deny"; return DENY;
} }
return { accessStatus, authorID }; return { accessStatus, authorID };
@ -243,14 +244,14 @@ exports.checkAccess = async function(padID, sessionCookie, token, password)
// - it's public and the pad is password protected but wrong password given // - it's public and the pad is password protected but wrong password given
// --> deny access, ask for new password and tell them that the password is wrong // --> deny access, ask for new password and tell them that the password is wrong
return { accessStatus: "wrongPassword" }; return WRONG_PASSWORD;
} }
if (isPublic && isPasswordProtected && passwordStatus === "notGiven") { if (isPublic && isPasswordProtected && passwordStatus === "notGiven") {
// - it's public and the pad is password protected but no password given // - it's public and the pad is password protected but no password given
// --> ask for password // --> ask for password
return { accessStatus: "needPassword" }; return NEED_PASSWORD;
} }
if (!isPublic) { if (!isPublic) {
@ -258,7 +259,7 @@ exports.checkAccess = async function(padID, sessionCookie, token, password)
authLogger.debug("Auth failed: invalid session & pad is not public"); authLogger.debug("Auth failed: invalid session & pad is not public");
// --> deny access // --> deny access
return { accessStatus: "deny" }; return DENY;
} }
throw new Error("Oops, something wrong happend"); throw new Error("Oops, something wrong happend");
@ -266,5 +267,5 @@ exports.checkAccess = async function(padID, sessionCookie, token, password)
// there is no valid session avaiable AND pad doesn't exist // there is no valid session avaiable AND pad doesn't exist
authLogger.debug("Auth failed: invalid session & pad does not exist"); authLogger.debug("Auth failed: invalid session & pad does not exist");
return { accessStatus: "deny" }; return DENY;
} }