fuwafuwa
/
etherpad-lite
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added debug-output to SecurityManager.checkAccess to indicate *why* an auth-try failed.

This commit is contained in:
mluto 2013-03-30 20:28:46 +01:00
parent 6a5e5cb6fd
commit 253a8e37fd
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/node/db/SecurityManager.js
View File

@ -134,12 +134,14 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
//is it for this group? //is it for this group?
if(sessionInfo.groupID != groupID) { if(sessionInfo.groupID != groupID) {
console.debug("Auth failed: wrong group");
callback(); callback();
return; return;
} }
//is validUntil still ok? //is validUntil still ok?
if(sessionInfo.validUntil <= now){ if(sessionInfo.validUntil <= now){
console.debug("Auth failed: validUntil");
callback(); callback();
return; return;
} }
@ -234,7 +236,11 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
//--> grant access //--> grant access
statusObject = {accessStatus: "grant", authorID: sessionAuthor}; statusObject = {accessStatus: "grant", authorID: sessionAuthor};
//--> deny access if user isn't allowed to create the pad //--> deny access if user isn't allowed to create the pad
if(settings.editOnly) statusObject.accessStatus = "deny"; if(settings.editOnly)
{
console.debug("Auth failed: valid session & pad does not exist");
statusObject.accessStatus = "deny";
}
} }
// there is no valid session avaiable AND pad exists // there is no valid session avaiable AND pad exists
else if(!validSession && padExists) else if(!validSession && padExists)
@ -266,6 +272,7 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
//- its not public //- its not public
else if(!isPublic) else if(!isPublic)
{ {
console.debug("Auth failed: invalid session & pad is not public");
//--> deny access //--> deny access
statusObject = {accessStatus: "deny"}; statusObject = {accessStatus: "deny"};
} }
@ -277,6 +284,7 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
// there is no valid session avaiable AND pad doesn't exists // there is no valid session avaiable AND pad doesn't exists
else else
{ {
console.debug("Auth failed: invalid session & pad does not exist");
//--> deny access //--> deny access
statusObject = {accessStatus: "deny"}; statusObject = {accessStatus: "deny"};
} }