public-offering
/
pad.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Document multi-session cookie feature

pull/968/head
Marcel Klehr 2012-09-02 19:51:40 +02:00
parent 8a696ab77d
commit dad83d9b77
1 changed files with 24 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
src/node/db/SecurityManager.js
View File

@ -36,15 +36,15 @@ var randomString = require('ep_etherpad-lite/static/js/pad_utils').randomString;
* @param password the password the user has given to access this pad, can be null
* @param callback will be called with (err, {accessStatus: grant|deny|wrongPassword|needPassword, authorID: a.xxxxxx})
*/
exports.checkAccess = function (padID, sessionID, token, password, callback)
exports.checkAccess = function (padID, sessionCookie, token, password, callback)
{
var statusObject;
// a valid session is required (api-only mode)
if(settings.requireSession)
{
// no sessionID, access is denied
if(!sessionID)
// without sessionCookie, access is denied
if(!sessionCookie)
{
callback(null, {accessStatus: "deny"});
return;
@ -114,32 +114,30 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
callback();
});
},
//get informations about this session
//get information about all sessions contained in this cookie
function(callback)
{
sessionManager.getSessionInfo(sessionID, function(err, sessionInfo)
{
//skip session validation if the session doesn't exists
if(err && err.message == "sessionID does not exist")
{
callback();
return;
}
if(ERR(err, callback)) return;
var now = Math.floor(new Date().getTime()/1000);
//is it for this group? and is validUntil still ok? --> validSession
if(sessionInfo.groupID == groupID && sessionInfo.validUntil > now)
{
var sessionIDs = sessionCookie.split(',');
async.foreach(sessionIDs, function(sessionID) {
sessionManager.getSessionInfo(sessionID, function(err, sessionInfo) {
//skip session if it doesn't exist
if(err && err.message == "sessionID does not exist") return;
if(ERR(err, callback)) return;
var now = Math.floor(new Date().getTime()/1000);
//is it for this group?
if(sessionInfo.groupID != groupID) return;
//is validUntil still ok?
if(sessionInfo.validUntil <= now) return;
// There is a valid session
validSession = true;
}
sessionAuthor = sessionInfo.authorID;
callback();
});
sessionAuthor = sessionInfo.authorID;
});
}, callback)
},
//get author for token
function(callback)