Grant access, when valid session is available and sessionNoPassword is set

settings.json.template

@@ -60,6 +60,9 @@
   /* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */
   "editOnly" : false,
 
+  /* Users, who have a valid session, automatically get granted access to password protected pads */
+  "sessionNoPassword" : false,
+  
   /* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly, 
      but makes it impossible to debug the javascript/css */
   "minify" : true,

src/node/db/SecurityManager.js

@@ -219,6 +219,12 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
           //--> grant access
           statusObject = {accessStatus: "grant", authorID: sessionAuthor};
         }
+        //- the setting to bypass password validation is set
+        else if(settings.sessionNoPassword)
+        {
+          //--> grant access
+          statusObject = {accessStatus: "grant", authorID: sessionAuthor};
+        }
         //- the pad is password protected and password is correct
         else if(isPasswordProtected && passwordStatus == "correct")
         {

src/node/utils/Settings.js

@@ -89,6 +89,11 @@ exports.requireSession = false;
  */
 exports.editOnly = false;
 
+/**
+ * A flag that bypasses password prompts for user with valid sessions
+ */
+exports.sessionNoPassword = false;
+
 /**
  * Max age that responses will have (affects caching layer).
  */