From 6b0cf29af6cdf0810910f345357a6ce8409d3f09 Mon Sep 17 00:00:00 2001 From: webzwo0i Date: Sat, 24 Jan 2015 06:34:41 +0100 Subject: [PATCH] Stop processing a message without auth (i.e. a client did not send CLIENT_READY) --- src/node/handler/PadMessageHandler.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/node/handler/PadMessageHandler.js b/src/node/handler/PadMessageHandler.js index 3228330e3..7ea5039d8 100644 --- a/src/node/handler/PadMessageHandler.js +++ b/src/node/handler/PadMessageHandler.js @@ -257,11 +257,10 @@ exports.handleMessage = function(client, message) // FIXME: Use a hook instead // FIXME: Allow to override readwrite access with readonly - // FIXME: A message might arrive but wont have an auth object, this is obviously bad so we should deny it // Simulate using the load testing tool if(!sessioninfos[client.id].auth){ console.error("Auth was never applied to a session. If you are using the stress-test tool then restart Etherpad and the Stress test tool.") - callback(); + return; }else{ var auth = sessioninfos[client.id].auth; var checkAccessCallback = function(err, statusObject)