diff --git a/src/node/handler/PadMessageHandler.js b/src/node/handler/PadMessageHandler.js index 85efb008..3da5057d 100644 --- a/src/node/handler/PadMessageHandler.js +++ b/src/node/handler/PadMessageHandler.js @@ -224,22 +224,31 @@ exports.handleMessage = function(client, message) // FIXME: Call our "sessions" "connections". // FIXME: Use a hook instead // FIXME: Allow to override readwrite access with readonly - var auth = sessioninfos[client.id].auth; - securityManager.checkAccess(auth.padID, auth.sessionID, auth.token, auth.password, function(err, statusObject) - { - if(ERR(err, callback)) return; - //access was granted - if(statusObject.accessStatus == "grant") + // FIXME: A message might arrive but wont have an auth object, this is obviously bad so we should deny it + // Simulate using the load testing tool + if(!sessioninfos[client.id].auth){ + console.error("Auth was never applied to a session", sessioninfos[client.id]) + client.json.send({accessStatus: "deny"}); + callback(); + }else{ + var auth = sessioninfos[client.id].auth; + securityManager.checkAccess(auth.padID, auth.sessionID, auth.token, auth.password, function(err, statusObject) { - callback(); - } - //no access, send the client a message that tell him why - else - { - client.json.send({accessStatus: statusObject.accessStatus}) - } - }); + if(ERR(err, callback)) return; + + //access was granted + if(statusObject.accessStatus == "grant") + { + callback(); + } + //no access, send the client a message that tell him why + else + { + client.json.send({accessStatus: statusObject.accessStatus}) + } + }); + } }, finalHandler ]);