libretic/etherpad-lite
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #968 from marcelklehr/feature/multiple-sessions-per-user

Browse source 
Multiple sessions per user
This commit is contained in:
John McLear 2012-09-03 05:14:43 -07:00
commit 23d22b92fd
2 changed files with 25 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/api/http_api.md
View file

@ -151,7 +151,7 @@ Theses authors are bind to the attributes the users choose (color and name).
-> can't be deleted cause this would involve scanning all the pads where this author was
### Session
Sessions can be created between a group and an author. This allows an author to access more than one group. The sessionID will be set as a cookie to the client and is valid until a certain date. Only users with a valid session for this group, can access group pads. You can create a session after you authenticated the user at your web application, to give them access to the pads. You should save the sessionID of this session and delete it after the user logged out
Sessions can be created between a group and an author. This allows an author to access more than one group. The sessionID will be set as a cookie to the client and is valid until a certain date. The session cookie can also contain multiple comma-seperated sessionIDs, allowing a user to edit pads in different groups at the same time. Only users with a valid session for this group, can access group pads. You can create a session after you authenticated the user at your web application, to give them access to the pads. You should save the sessionID of this session and delete it after the user logged out.
* **createSession(groupID, authorID, validUntil)** creates a new session. validUntil is an unix timestamp in seconds <br><br>*Example returns:*
* `{code: 0, message:"ok", data: {sessionID: "s.s8oes9dhwrvt0zif"}}`

50
src/node/db/SecurityManager.js
View file

@ -36,15 +36,15 @@ var randomString = require('ep_etherpad-lite/static/js/pad_utils').randomString;
* @param password the password the user has given to access this pad, can be null
* @param callback will be called with (err, {accessStatus: grant|deny|wrongPassword|needPassword, authorID: a.xxxxxx})
*/
exports.checkAccess = function (padID, sessionID, token, password, callback)
exports.checkAccess = function (padID, sessionCookie, token, password, callback)
{
var statusObject;
// a valid session is required (api-only mode)
if(settings.requireSession)
{
// no sessionID, access is denied
if(!sessionID)
// without sessionCookie, access is denied
if(!sessionCookie)
{
callback(null, {accessStatus: "deny"});
return;
@ -114,32 +114,30 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
callback();
});
},
//get informations about this session
//get information about all sessions contained in this cookie
function(callback)
{
sessionManager.getSessionInfo(sessionID, function(err, sessionInfo)
{
//skip session validation if the session doesn't exists
if(err && err.message == "sessionID does not exist")
{
callback();
return;
}
if(ERR(err, callback)) return;
var now = Math.floor(new Date().getTime()/1000);
//is it for this group? and is validUntil still ok? --> validSession
if(sessionInfo.groupID == groupID && sessionInfo.validUntil > now)
{
var sessionIDs = sessionCookie.split(',');
async.foreach(sessionIDs, function(sessionID) {
sessionManager.getSessionInfo(sessionID, function(err, sessionInfo) {
//skip session if it doesn't exist
if(err && err.message == "sessionID does not exist") return;
if(ERR(err, callback)) return;
var now = Math.floor(new Date().getTime()/1000);
//is it for this group?
if(sessionInfo.groupID != groupID) return;
//is validUntil still ok?
if(sessionInfo.validUntil <= now) return;
// There is a valid session
validSession = true;
}
sessionAuthor = sessionInfo.authorID;
callback();
});
sessionAuthor = sessionInfo.authorID;
});
}, callback)
},
//get author for token
function(callback)