fuwafuwa
/
etherpad-lite
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Document multi-session cookie feature

This commit is contained in:
Marcel Klehr 2012-09-02 19:51:40 +02:00
parent 8a696ab77d
commit dad83d9b77
1 changed files with 24 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
src/node/db/SecurityManager.js
View File

@ -36,15 +36,15 @@ var randomString = require('ep_etherpad-lite/static/js/pad_utils').randomString;
* @param password the password the user has given to access this pad, can be null * @param password the password the user has given to access this pad, can be null
* @param callback will be called with (err, {accessStatus: grant|deny|wrongPassword|needPassword, authorID: a.xxxxxx}) * @param callback will be called with (err, {accessStatus: grant|deny|wrongPassword|needPassword, authorID: a.xxxxxx})
*/ */
exports.checkAccess = function (padID, sessionID, token, password, callback) exports.checkAccess = function (padID, sessionCookie, token, password, callback)
{ {
var statusObject; var statusObject;
// a valid session is required (api-only mode) // a valid session is required (api-only mode)
if(settings.requireSession) if(settings.requireSession)
{ {
// no sessionID, access is denied // without sessionCookie, access is denied
if(!sessionID) if(!sessionCookie)
{ {
callback(null, {accessStatus: "deny"}); callback(null, {accessStatus: "deny"});
return; return;
@ -114,32 +114,30 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
callback(); callback();
}); });
}, },
//get informations about this session //get information about all sessions contained in this cookie
function(callback) function(callback)
{ {
sessionManager.getSessionInfo(sessionID, function(err, sessionInfo) var sessionIDs = sessionCookie.split(',');
{ async.foreach(sessionIDs, function(sessionID) {
//skip session validation if the session doesn't exists sessionManager.getSessionInfo(sessionID, function(err, sessionInfo) {
if(err && err.message == "sessionID does not exist") //skip session if it doesn't exist
{ if(err && err.message == "sessionID does not exist") return;
callback();
return; if(ERR(err, callback)) return;
}
var now = Math.floor(new Date().getTime()/1000);
if(ERR(err, callback)) return;
//is it for this group?
var now = Math.floor(new Date().getTime()/1000); if(sessionInfo.groupID != groupID) return;
//is it for this group? and is validUntil still ok? --> validSession //is validUntil still ok?
if(sessionInfo.groupID == groupID && sessionInfo.validUntil > now) if(sessionInfo.validUntil <= now) return;
{
// There is a valid session
validSession = true; validSession = true;
} sessionAuthor = sessionInfo.authorID;
});
sessionAuthor = sessionInfo.authorID; }, callback)
callback();
});
}, },
//get author for token //get author for token
function(callback) function(callback)