From 3e8f3cd938995a75e5146a149bf339dd5603416f Mon Sep 17 00:00:00 2001
From: John McLear <john@mclear.co.uk>
Date: Tue, 18 Nov 2014 14:56:40 +0000
Subject: [PATCH] hrm I dont trust this security

---
 src/node/hooks/express/adminplugins.js  | 5 +++--
 src/node/hooks/express/adminsettings.js | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/node/hooks/express/adminplugins.js b/src/node/hooks/express/adminplugins.js
index b348c023..ccc100dc 100644
--- a/src/node/hooks/express/adminplugins.js
+++ b/src/node/hooks/express/adminplugins.js
@@ -24,8 +24,9 @@ exports.expressCreateServer = function (hook_name, args, cb) {
 exports.socketio = function (hook_name, args, cb) {
   var io = args.io.of("/pluginfw/installer");
   io.on('connection', function (socket) {
-    console.warn("THIS IS BROKEN", socket.handshake);
-    if (!socket.handshake.session || !socket.handshake.session.user || !socket.handshake.session.user.is_admin) return;
+
+    console.warn ("The middleware now handles auth but I'm not convinced SocketIO is being responsible enough here so this needs reviewing before hitting master");
+    // if (!socket.handshake.session || !socket.handshake.session.user || !socket.handshake.session.user.is_admin) return;
 
     socket.on("getInstalled", function (query) {
       // send currently installed plugins
diff --git a/src/node/hooks/express/adminsettings.js b/src/node/hooks/express/adminsettings.js
index ba3009cd..3529e205 100644
--- a/src/node/hooks/express/adminsettings.js
+++ b/src/node/hooks/express/adminsettings.js
@@ -22,9 +22,9 @@ exports.expressCreateServer = function (hook_name, args, cb) {
 exports.socketio = function (hook_name, args, cb) {
   var io = args.io.of("/settings");
   io.on('connection', function (socket) {
-    console.warn ("THIS IS BROKEN");
 
-    if (!socket.handshake.session || !socket.handshake.session.user || !socket.handshake.session.user.is_admin) return;
+    console.warn ("The middleware now handles auth but I'm not convinced SocketIO is being responsible enough here so this needs reviewing before hitting master");
+    // if (!socket.handshake.session || !socket.handshake.session.user || !socket.handshake.session.user.is_admin) return;
 
     socket.on("load", function (query) {
       fs.readFile('settings.json', 'utf8', function (err,data) {