From 77c2313025e9b4b5eb0bd415f07b24a78561780f Mon Sep 17 00:00:00 2001 From: vileda Date: Sun, 13 Oct 2013 22:31:41 +0200 Subject: [PATCH] pass correct padID to checkAccess if pad is requested via readOnly link --- src/node/handler/PadMessageHandler.js | 14 ++++++++-- src/node/handler/SocketIORouter.js | 37 ++++++++++++++++----------- 2 files changed, 34 insertions(+), 17 deletions(-) diff --git a/src/node/handler/PadMessageHandler.js b/src/node/handler/PadMessageHandler.js index 0dd325e46..6314351b9 100644 --- a/src/node/handler/PadMessageHandler.js +++ b/src/node/handler/PadMessageHandler.js @@ -240,7 +240,7 @@ exports.handleMessage = function(client, message) callback(); }else{ var auth = sessioninfos[client.id].auth; - securityManager.checkAccess(auth.padID, auth.sessionID, auth.token, auth.password, function(err, statusObject) + var checkAccessCallback = function(err, statusObject) { if(ERR(err, callback)) return; @@ -254,7 +254,17 @@ exports.handleMessage = function(client, message) { client.json.send({accessStatus: statusObject.accessStatus}) } - }); + }; + //check if pad is requested via readOnly + if (auth.padID.indexOf("r.") === 0) { + //Pad is readOnly, first get the real Pad ID + readOnlyManager.getPadId(auth.padID, function(err, value) { + ERR(err); + securityManager.checkAccess(value, auth.sessionID, auth.token, auth.password, checkAccessCallback); + }); + } else { + securityManager.checkAccess(auth.padID, auth.sessionID, auth.token, auth.password, checkAccessCallback); + } } }, finalHandler diff --git a/src/node/handler/SocketIORouter.js b/src/node/handler/SocketIORouter.js index e5bc1ac42..2ca0d80fe 100644 --- a/src/node/handler/SocketIORouter.js +++ b/src/node/handler/SocketIORouter.js @@ -23,6 +23,7 @@ var ERR = require("async-stacktrace"); var log4js = require('log4js'); var messageLogger = log4js.getLogger("message"); var securityManager = require("../db/SecurityManager"); +var readOnlyManager = require("../db/ReadOnlyManager"); var settings = require('../utils/Settings'); /** @@ -87,23 +88,29 @@ exports.setSocketIO = function(_socket) { handleMessage(client, message); } else { //try to authorize the client if(message.padId !== undefined && message.sessionID !== undefined && message.token !== undefined && message.password !== undefined) { - //this message has everything to try an authorization - securityManager.checkAccess (message.padId, message.sessionID, message.token, message.password, - function(err, statusObject) { - ERR(err); + var checkAccessCallback = function(err, statusObject) { + ERR(err); - //access was granted, mark the client as authorized and handle the message - if(statusObject.accessStatus == "grant") { - clientAuthorized = true; - handleMessage(client, message); - } - //no access, send the client a message that tell him why - else { - messageLogger.warn("Authentication try failed:" + stringifyWithoutPassword(message)); - client.json.send({accessStatus: statusObject.accessStatus}); - } + //access was granted, mark the client as authorized and handle the message + if(statusObject.accessStatus == "grant") { + clientAuthorized = true; + handleMessage(client, message); } - ); + //no access, send the client a message that tell him why + else { + messageLogger.warn("Authentication try failed:" + stringifyWithoutPassword(message)); + client.json.send({accessStatus: statusObject.accessStatus}); + } + }; + if (message.padId.indexOf("r.") === 0) { + readOnlyManager.getPadId(message.padId, function(err, value) { + ERR(err); + securityManager.checkAccess (value, message.sessionID, message.token, message.password, checkAccessCallback); + }); + } else { + //this message has everything to try an authorization + securityManager.checkAccess (message.padId, message.sessionID, message.token, message.password, checkAccessCallback); + } } else { //drop message messageLogger.warn("Dropped message cause of bad permissions:" + stringifyWithoutPassword(message)); }