libre-service.eu/pad.libre-service.eu-etherpad
libre-service.eu/pad.libre-service.eu-etherpad
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-01-19 22:23:33 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1703 from mluto/kick-users-with-invalid-session-2

Browse source 
Kick the user if the deleteSession-API is called
This commit is contained in:
John McLear 2013-04-03 06:40:50 -07:00
commit 29beda8ebd
2 changed files with 29 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
src/node/handler/PadMessageHandler.js
View file

@ -203,17 +203,29 @@ exports.handleMessage = function(client, message)
//check permissions //check permissions
function(callback) function(callback)
{ {
// client tried to auth for the first time (first msg from the client)
// If the message has a padId we assume the client is already known to the server and needs no re-authorization if(message.type == "CLIENT_READY") {
if(!message.padId) // Remember this information since we won't
return callback(); // have the cookie in further socket.io messages.
// This information will be used to check if
// the sessionId of this connection is still valid
// since it could have been deleted by the API.
sessioninfos[client.id].auth =
{
sessionID: message.sessionID,
padID: message.padId,
token : message.token,
password: message.password
};
}
// Note: message.sessionID is an entirely different kind of // Note: message.sessionID is an entirely different kind of
// session from the sessions we use here! Beware! FIXME: Call // session from the sessions we use here! Beware!
// our "sessions" "connections". // FIXME: Call our "sessions" "connections".
// FIXME: Use a hook instead // FIXME: Use a hook instead
// FIXME: Allow to override readwrite access with readonly // FIXME: Allow to override readwrite access with readonly
securityManager.checkAccess(message.padId, message.sessionID, message.token, message.password, function(err, statusObject) var auth = sessioninfos[client.id].auth;
securityManager.checkAccess(auth.padID, auth.sessionID, auth.token, auth.password, function(err, statusObject)
{ {
if(ERR(err, callback)) return; if(ERR(err, callback)) return;

12
src/static/js/pad.js
View file

@ -252,14 +252,22 @@ function handshake()
socket.on('message', function(obj) socket.on('message', function(obj)
{ {
//the access was not granted, give the user a message //the access was not granted, give the user a message
if(!receivedClientVars && obj.accessStatus) if(obj.accessStatus)
{ {
$('.passForm').submit(require(module.id).savePassword); if(!receivedClientVars)
$('.passForm').submit(require(module.id).savePassword);
if(obj.accessStatus == "deny") if(obj.accessStatus == "deny")
{ {
$('#loading').hide(); $('#loading').hide();
$("#permissionDenied").show(); $("#permissionDenied").show();
if(receivedClientVars)
{
// got kicked
$("#editorcontainer").hide();
$("#editorloadingbox").show();
}
} }
else if(obj.accessStatus == "needPassword") else if(obj.accessStatus == "needPassword")
{ {