Merge pull request #1940 from piratenfraktion-nrw/fix_readonly_if_require_session
pass correct padID to checkAccess if pad is requested via readOnly link
commit
be78488635
|
@ -240,7 +240,7 @@ exports.handleMessage = function(client, message)
|
||||||
callback();
|
callback();
|
||||||
}else{
|
}else{
|
||||||
var auth = sessioninfos[client.id].auth;
|
var auth = sessioninfos[client.id].auth;
|
||||||
securityManager.checkAccess(auth.padID, auth.sessionID, auth.token, auth.password, function(err, statusObject)
|
var checkAccessCallback = function(err, statusObject)
|
||||||
{
|
{
|
||||||
if(ERR(err, callback)) return;
|
if(ERR(err, callback)) return;
|
||||||
|
|
||||||
|
@ -254,7 +254,17 @@ exports.handleMessage = function(client, message)
|
||||||
{
|
{
|
||||||
client.json.send({accessStatus: statusObject.accessStatus})
|
client.json.send({accessStatus: statusObject.accessStatus})
|
||||||
}
|
}
|
||||||
});
|
};
|
||||||
|
//check if pad is requested via readOnly
|
||||||
|
if (auth.padID.indexOf("r.") === 0) {
|
||||||
|
//Pad is readOnly, first get the real Pad ID
|
||||||
|
readOnlyManager.getPadId(auth.padID, function(err, value) {
|
||||||
|
ERR(err);
|
||||||
|
securityManager.checkAccess(value, auth.sessionID, auth.token, auth.password, checkAccessCallback);
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
securityManager.checkAccess(auth.padID, auth.sessionID, auth.token, auth.password, checkAccessCallback);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
finalHandler
|
finalHandler
|
||||||
|
|
|
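Review bot: The new `readOnlyManager.getPadId` callback calls `ERR(err);` with no callback, while the code just above it in handleMessage uses `if(ERR(err, callback)) return;`. As far as I know async-stacktrace rethrows when it is given no callback, so a database error during this re-check would surface as an uncaught exception instead of reaching `finalHandler`; use `if(ERR(err, callback)) return;` here as well. The callback also hands `value` to `securityManager.checkAccess` without confirming that a pad was found. If getPadId yields null for an unknown `r.` id (its contract is not visible in this hunk), the access decision is made on an empty pad id, so reject explicitly before calling checkAccess; the same unchecked `value` appears in the `message.padId` branch of the socket router change. handleMessage starts and ends outside the hunk.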
@ -23,6 +23,7 @@ var ERR = require("async-stacktrace");
|
||||||
var log4js = require('log4js');
|
var log4js = require('log4js');
|
||||||
var messageLogger = log4js.getLogger("message");
|
var messageLogger = log4js.getLogger("message");
|
||||||
var securityManager = require("../db/SecurityManager");
|
var securityManager = require("../db/SecurityManager");
|
||||||
|
var readOnlyManager = require("../db/ReadOnlyManager");
|
||||||
var settings = require('../utils/Settings');
|
var settings = require('../utils/Settings');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -87,23 +88,29 @@ exports.setSocketIO = function(_socket) {
|
||||||
handleMessage(client, message);
|
handleMessage(client, message);
|
||||||
} else { //try to authorize the client
|
} else { //try to authorize the client
|
||||||
if(message.padId !== undefined && message.sessionID !== undefined && message.token !== undefined && message.password !== undefined) {
|
if(message.padId !== undefined && message.sessionID !== undefined && message.token !== undefined && message.password !== undefined) {
|
||||||
//this message has everything to try an authorization
|
var checkAccessCallback = function(err, statusObject) {
|
||||||
securityManager.checkAccess (message.padId, message.sessionID, message.token, message.password,
|
ERR(err);
|
||||||
function(err, statusObject) {
|
|
||||||
ERR(err);
|
|
||||||
|
|
||||||
//access was granted, mark the client as authorized and handle the message
|
//access was granted, mark the client as authorized and handle the message
|
||||||
if(statusObject.accessStatus == "grant") {
|
if(statusObject.accessStatus == "grant") {
|
||||||
clientAuthorized = true;
|
clientAuthorized = true;
|
||||||
handleMessage(client, message);
|
handleMessage(client, message);
|
||||||
}
|
|
||||||
//no access, send the client a message that tell him why
|
|
||||||
else {
|
|
||||||
messageLogger.warn("Authentication try failed:" + stringifyWithoutPassword(message));
|
|
||||||
client.json.send({accessStatus: statusObject.accessStatus});
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
);
|
//no access, send the client a message that tell him why
|
||||||
|
else {
|
||||||
|
messageLogger.warn("Authentication try failed:" + stringifyWithoutPassword(message));
|
||||||
|
client.json.send({accessStatus: statusObject.accessStatus});
|
||||||
|
}
|
||||||
|
};
|
||||||
|
if (message.padId.indexOf("r.") === 0) {
|
||||||
|
readOnlyManager.getPadId(message.padId, function(err, value) {
|
||||||
|
ERR(err);
|
||||||
|
securityManager.checkAccess (value, message.sessionID, message.token, message.password, checkAccessCallback);
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
//this message has everything to try an authorization
|
||||||
|
securityManager.checkAccess (message.padId, message.sessionID, message.token, message.password, checkAccessCallback);
|
||||||
|
}
|
||||||
} else { //drop message
|
} else { //drop message
|
||||||
messageLogger.warn("Dropped message cause of bad permissions:" + stringifyWithoutPassword(message));
|
messageLogger.warn("Dropped message cause of bad permissions:" + stringifyWithoutPassword(message));
|
||||||
}
|
}
|
||||||
|
|
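Review bot: `message.padId.indexOf("r.")` runs on a client-supplied value that the guard above it only compares against `undefined`, so a message carrying `padId: null` or a number throws a TypeError inside the socket handler before any access check is made. Add `typeof message.padId === "string"` to that condition so malformed messages fall through to the existing `else` branch that logs and drops them. The resolve-read-only-id-then-checkAccess logic is now duplicated between this file and handleMessage; a shared helper taking the pad id and the auth fields would keep the two authorization paths from diverging. The enclosing message handler starts outside the hunk.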