mirror of
https://github.com/ether/etherpad-lite.git
synced 2025-01-20 06:29:53 +01:00
Refuse connection if the user is no longer authorized
This should do the trick for issue 815. Please review and merge if it works. Try again: Fewer variables.
parent
e4ff4021ab
commit
79ca5f3e7c
1 changed files with 55 additions and 23 deletions
|
@ -169,6 +169,7 @@ exports.handleMessage = function(client, message)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var finalHandler = function () {
|
||||||
//Check what type of message we get and delegate to the other methodes
|
//Check what type of message we get and delegate to the other methodes
|
||||||
if(message.type == "CLIENT_READY") {
|
if(message.type == "CLIENT_READY") {
|
||||||
handleClientReady(client, message);
|
handleClientReady(client, message);
|
||||||
|
@ -194,6 +195,37 @@ exports.handleMessage = function(client, message)
|
||||||
} else {
|
} else {
|
||||||
messageLogger.warn("Dropped message, unknown Message Type " + message.type);
|
messageLogger.warn("Dropped message, unknown Message Type " + message.type);
|
||||||
}
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
if (message && message.padId) {
|
||||||
|
async.series([
|
||||||
|
//check permissions
|
||||||
|
function(callback)
|
||||||
|
{
|
||||||
|
// Note: message.sessionID is an entirely different kind of
|
||||||
|
// session from the sessions we use here! Beware! FIXME: Call
|
||||||
|
// our "sessions" "connections".
|
||||||
|
// FIXME: Use a hook instead
|
||||||
|
// FIXME: Allow to override readwrite access with readonly
|
||||||
|
securityManager.checkAccess(message.padId, message.sessionID, message.token, message.password, function(err, statusObject)
|
||||||
|
{
|
||||||
|
if(ERR(err, callback)) return;
|
||||||
|
|
||||||
|
//access was granted
|
||||||
|
if(statusObject.accessStatus == "grant")
|
||||||
|
{
|
||||||
|
callback();
|
||||||
|
}
|
||||||
|
//no access, send the client a message that tell him why
|
||||||
|
else
|
||||||
|
{
|
||||||
|
client.json.send({accessStatus: statusObject.accessStatus})
|
||||||
|
}
|
||||||
|
});
|
||||||
|
},
|
||||||
|
finalHandler
|
||||||
|
]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
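Review bot: The access check added in the second hunk runs against `message.padId`, `message.sessionID`, `message.token` and `message.password`, all taken from the client's own message, so it only proves access to the pad the message names; if the handlers reached through `finalHandler` act on the pad this connection joined earlier (not visible here), a client whose access was revoked could pass the check by naming another pad it may still open. Checking the pad id the server recorded for this connection would close that gap. In the deny branch the message is dropped and an `accessStatus` reply is sent, but the socket stays open and nothing is logged, which does not match the title's "Refuse connection" and presumably leaves the client receiving pad broadcasts; consider `messageLogger.warn("Dropped message, access status " + statusObject.accessStatus);` followed by `client.disconnect();` there. Messages without a `padId` now never reach `finalHandler` and are discarded silently, unlike the unknown-type case, which logs a warning. `exports.handleMessage` begins above the first hunk, so earlier validation of `message` cannot be confirmed from here.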