mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-21 16:06:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 26
etherpad-lite/src/node/db
History
Richard Hansen f7953ece85 socketio: Delete redundant authentication check 
There's no need to perform an authentication check in the socket.io
middleware because `PadMessageHandler.handleMessage` calls
`SecurityMananger.checkAccess` and that now performs authentication
and authorization checks.

This change also improves the user experience: Before, access denials
caused socket.io error events in the client, which `pad.js` mostly
ignores (the user doesn't see anything). Now a deny message is sent
back to the client, which causes `pad.js` to display an obvious
permission denied message.

This also fixes a minor bug: `settings.loadTest` is supposed to bypass
authentication and authorization checks, but they weren't bypassed
because `SecurityManager.checkAccess` did not check
`settings.loadTest`.
2020-10-05 18:12:04 +01:00
..
API.js async-ify more functions, and await completion 2020-09-22 14:10:44 +01:00
AuthorManager.js async-ify more functions, and await completion 2020-09-22 14:10:44 +01:00
DB.js Refactor startup/shutdown for tests 2020-09-22 11:07:21 +01:00
GroupManager.js GroupManager: typo during session deletion 2020-09-08 00:45:39 +01:00
Pad.js async-ify more functions, and await completion 2020-09-22 14:10:44 +01:00
PadManager.js async-ify more functions, and await completion 2020-09-22 14:10:44 +01:00
ReadOnlyManager.js Fix readOnly pad export 2020-09-26 21:47:35 +01:00
SecurityManager.js socketio: Delete redundant authentication check 2020-10-05 18:12:04 +01:00
SessionManager.js SessionManager: Fix session expiration check 2020-09-19 21:10:36 +01:00
SessionStore.js SessionStore: Don't call callback until cached in DB layer 2020-09-21 23:21:05 +01:00