Merge pull request #1687 from mluto/checkAccess-debug-output

Added debug-output to checkAccess to indicate *why* an auth-try failed
2013-03-30 12:49:21 -07:00 · 2013-03-30 12:49:21 -07:00 · 9c36d6f58b
parent 6a5e5cb6fd 7e3b288afc
commit 9c36d6f58b
1 changed files with 21 additions and 6 deletions
--- a/src/node/db/SecurityManager.js
+++ b/src/node/db/SecurityManager.js
@ -27,6 +27,8 @@ var padManager = require("./PadManager");
 var sessionManager = require("./SessionManager");
 var settings = require("../utils/Settings");
 var randomString = require('ep_etherpad-lite/static/js/pad_utils').randomString;
+var log4js = require('log4js');
+var authLogger = log4js.getLogger("auth");

 /**
 * This function controlls the access to a pad, it checks if the user can access a pad.
@ -117,14 +119,17 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
        //get information about all sessions contained in this cookie
        function(callback)
        {
-          if (!sessionCookie) {
+          if (!sessionCookie)
+          {
            callback();
            return;
          }
          
          var sessionIDs = sessionCookie.split(',');
-          async.forEach(sessionIDs, function(sessionID, callback) {
-            sessionManager.getSessionInfo(sessionID, function(err, sessionInfo) {
+          async.forEach(sessionIDs, function(sessionID, callback)
+          {
+            sessionManager.getSessionInfo(sessionID, function(err, sessionInfo)
+            {
              //skip session if it doesn't exist
              if(err && err.message == "sessionID does not exist") return;
              
@ -133,13 +138,17 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
              var now = Math.floor(new Date().getTime()/1000);
              
              //is it for this group?
-              if(sessionInfo.groupID != groupID) {
+              if(sessionInfo.groupID != groupID)
+              {
+                authLogger.debug("Auth failed: wrong group");
            	  callback();
            	  return;
              }
              
              //is validUntil still ok?
-              if(sessionInfo.validUntil <= now){
+              if(sessionInfo.validUntil <= now)
+              {
+                authLogger.debug("Auth failed: validUntil");
            	  callback();
            	  return;
              }
@ -234,7 +243,11 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
        //--> grant access
        statusObject = {accessStatus: "grant", authorID: sessionAuthor};
        //--> deny access if user isn't allowed to create the pad
-        if(settings.editOnly) statusObject.accessStatus = "deny";
+        if(settings.editOnly)
+        {
+          authLogger.debug("Auth failed: valid session & pad does not exist");
+          statusObject.accessStatus = "deny";
+        }
      }
      // there is no valid session avaiable AND pad exists
      else if(!validSession && padExists)
@ -266,6 +279,7 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
        //- its not public
        else if(!isPublic)
        {
+          authLogger.debug("Auth failed: invalid session & pad is not public");
          //--> deny access
          statusObject = {accessStatus: "deny"};
        }
@ -277,6 +291,7 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
      // there is no valid session avaiable AND pad doesn't exists
      else
      {
+         authLogger.debug("Auth failed: invalid session & pad does not exist");
         //--> deny access
         statusObject = {accessStatus: "deny"};
      }