GitHub Merge Button 2011-12-11 07:22:48 -08:00
commit dca621bb36
3 changed files with 39 additions and 14 deletions


@ -91,6 +91,7 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
var groupID = padID.split("$")[0];
var padExists = false;
var validSession = false;
var pwsalt;
var sessionAuthor;
var tokenAuthor;
var isPublic;
@ -171,6 +172,9 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
//is it password protected?
isPasswordProtected = pad.isPasswordProtected();
//get the password salt used by the hash function
pwsalt = pad.getPasswordSalt();
//is password correct?
if(isPasswordProtected && password && pad.isCorrectPassword(password))
@ -202,13 +206,14 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
else if(isPasswordProtected && passwordStatus == "wrong")
{
//--> deny access, ask for new password and tell them that the password is wrong
statusObject = {accessStatus: "wrongPassword"};
//The salt can be safely shared since it is not secret. It does its job (improving resistence against rainbow table attacks) even when public.
statusObject = {accessStatus: "wrongPassword", passwordSalt: pwsalt};
}
//- the pad is password protected but no password given
else if(isPasswordProtected && passwordStatus == "notGiven")
{
//--> ask for password
statusObject = {accessStatus: "needPassword"};
statusObject = {accessStatus: "needPassword", passwordSalt: pwsalt};
}
else
{
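Review bot: The `wrongPassword` and `needPassword` branches now return `passwordSalt: pwsalt` to a caller that has not yet authenticated, and the added comment explains why disclosure is tolerable but not what the caller needs the salt for. If the client is meant to hash the password with this salt before sending it (not visible in these hunks), the value reaching `pad.isCorrectPassword(password)` becomes the credential itself. A leaked stored hash could then be presented directly unless the server applies its own hash to whatever it receives. If that is the intent, I would record it next to the `pwsalt = pad.getPasswordSalt();` assignment, e.g. `//salt is returned so the client can pre-hash; the server must still hash the received value before comparing`, and note what `passwordSalt` holds when the pad has no salt stored. The body of checkAccess starts and ends outside the hunks shown.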