SecurityManager: clarify the role of the token parameter (and cookie)

"token" is a random token representing the author, of the form
t.randomstring_of_length_20. The random string is generated by the client. The
cookie is used for every pad in the web UI, and is not used for the HTTP API.

This comes from the discussion at https://github.com/ether/etherpad-lite/issues/3563
muxator 2020-04-24 02:55:20 +02:00
parent db77302883
commit 01497aa399

@ -30,7 +30,10 @@ var authLogger = log4js.getLogger("auth");
* This function controlls the access to a pad, it checks if the user can access a pad.
* @param padID the pad the user wants to access
* @param sessionCookie the session the user has (set via api)
* @param token the token of the author (randomly generated at client side, used for public pads)
* @param token a random token representing the author, of the form
* t.randomstring_of_lenght_20. The random string is generated by
* the client.
* Used for every pad in the web UI. Not used for the HTTP API.
* @param password the password the user has given to access this pad, can be null
* @return {accessStatus: grant|deny|wrongPassword|needPassword, authorID: a.xxxxxx})
*/
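Review bot: The new sentence "Used for every pad in the web UI. Not used for the HTTP API." under @param token has no subject, and the commit message attributes that usage to the cookie, so a reader cannot tell whether it describes the token itself or the cookie that carries it. Say explicitly which one is meant, and if it is the cookie, update the unchanged @param sessionCookie line ("set via api") in the same change so the two parameters are not confused. Because the added text states the random string is generated by the client, the comment should also say whether this function treats the token only as an author identifier or relies on it for the access decision. Minor: "lenght" in "t.randomstring_of_lenght_20" should read "length".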