Merge pull request #968 from marcelklehr/feature/multiple-sessions-per-user
Multiple sessions per user
This commit is contained in:
commit
23d22b92fd
|
@ -151,7 +151,7 @@ Theses authors are bind to the attributes the users choose (color and name).
|
||||||
-> can't be deleted cause this would involve scanning all the pads where this author was
|
-> can't be deleted cause this would involve scanning all the pads where this author was
|
||||||
|
|
||||||
### Session
|
### Session
|
||||||
Sessions can be created between a group and an author. This allows an author to access more than one group. The sessionID will be set as a cookie to the client and is valid until a certain date. Only users with a valid session for this group, can access group pads. You can create a session after you authenticated the user at your web application, to give them access to the pads. You should save the sessionID of this session and delete it after the user logged out
|
Sessions can be created between a group and an author. This allows an author to access more than one group. The sessionID will be set as a cookie to the client and is valid until a certain date. The session cookie can also contain multiple comma-seperated sessionIDs, allowing a user to edit pads in different groups at the same time. Only users with a valid session for this group, can access group pads. You can create a session after you authenticated the user at your web application, to give them access to the pads. You should save the sessionID of this session and delete it after the user logged out.
|
||||||
|
|
||||||
* **createSession(groupID, authorID, validUntil)** creates a new session. validUntil is an unix timestamp in seconds <br><br>*Example returns:*
|
* **createSession(groupID, authorID, validUntil)** creates a new session. validUntil is an unix timestamp in seconds <br><br>*Example returns:*
|
||||||
* `{code: 0, message:"ok", data: {sessionID: "s.s8oes9dhwrvt0zif"}}`
|
* `{code: 0, message:"ok", data: {sessionID: "s.s8oes9dhwrvt0zif"}}`
|
||||||
|
|
|
@ -36,15 +36,15 @@ var randomString = require('ep_etherpad-lite/static/js/pad_utils').randomString;
|
||||||
* @param password the password the user has given to access this pad, can be null
|
* @param password the password the user has given to access this pad, can be null
|
||||||
* @param callback will be called with (err, {accessStatus: grant|deny|wrongPassword|needPassword, authorID: a.xxxxxx})
|
* @param callback will be called with (err, {accessStatus: grant|deny|wrongPassword|needPassword, authorID: a.xxxxxx})
|
||||||
*/
|
*/
|
||||||
exports.checkAccess = function (padID, sessionID, token, password, callback)
|
exports.checkAccess = function (padID, sessionCookie, token, password, callback)
|
||||||
{
|
{
|
||||||
var statusObject;
|
var statusObject;
|
||||||
|
|
||||||
// a valid session is required (api-only mode)
|
// a valid session is required (api-only mode)
|
||||||
if(settings.requireSession)
|
if(settings.requireSession)
|
||||||
{
|
{
|
||||||
// no sessionID, access is denied
|
// without sessionCookie, access is denied
|
||||||
if(!sessionID)
|
if(!sessionCookie)
|
||||||
{
|
{
|
||||||
callback(null, {accessStatus: "deny"});
|
callback(null, {accessStatus: "deny"});
|
||||||
return;
|
return;
|
||||||
|
@ -114,32 +114,30 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
|
||||||
callback();
|
callback();
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
//get informations about this session
|
//get information about all sessions contained in this cookie
|
||||||
function(callback)
|
function(callback)
|
||||||
{
|
{
|
||||||
sessionManager.getSessionInfo(sessionID, function(err, sessionInfo)
|
var sessionIDs = sessionCookie.split(',');
|
||||||
{
|
async.foreach(sessionIDs, function(sessionID) {
|
||||||
//skip session validation if the session doesn't exists
|
sessionManager.getSessionInfo(sessionID, function(err, sessionInfo) {
|
||||||
if(err && err.message == "sessionID does not exist")
|
//skip session if it doesn't exist
|
||||||
{
|
if(err && err.message == "sessionID does not exist") return;
|
||||||
callback();
|
|
||||||
return;
|
if(ERR(err, callback)) return;
|
||||||
}
|
|
||||||
|
var now = Math.floor(new Date().getTime()/1000);
|
||||||
if(ERR(err, callback)) return;
|
|
||||||
|
//is it for this group?
|
||||||
var now = Math.floor(new Date().getTime()/1000);
|
if(sessionInfo.groupID != groupID) return;
|
||||||
|
|
||||||
//is it for this group? and is validUntil still ok? --> validSession
|
//is validUntil still ok?
|
||||||
if(sessionInfo.groupID == groupID && sessionInfo.validUntil > now)
|
if(sessionInfo.validUntil <= now) return;
|
||||||
{
|
|
||||||
|
// There is a valid session
|
||||||
validSession = true;
|
validSession = true;
|
||||||
}
|
sessionAuthor = sessionInfo.authorID;
|
||||||
|
});
|
||||||
sessionAuthor = sessionInfo.authorID;
|
}, callback)
|
||||||
|
|
||||||
callback();
|
|
||||||
});
|
|
||||||
},
|
},
|
||||||
//get author for token
|
//get author for token
|
||||||
function(callback)
|
function(callback)
|
||||||
|
|
Loading…
Reference in New Issue