* bugfix, lint and refactor all bin scripts
* for squash: throw Error(message) rather than log(message); throw Error()
* for squash: Exit non-0 on unhandled Promise rejection
Many of the recent lint changes have converted normal functions to
async functions, and an error thrown in an async function does not
cause Node.js to exit by default.
* for squash: fix `require()` paths
* for squash: remove erroneous `Object.keys()` call
* for squash: fix missing `continue` statements
* for squash: Fix HTTP method for deleteSession
* for squash: delete erroneous throw
Throw is only for errors, not successful completion.
* for squash: redo migrateDirtyDBtoRealDB.js to fix async bugs
* for squash: fix erroneous use of `for..of`
* for squash: Add line break between statements
* for squash: put closing paren on same line as last arg
* for squash: Move `log()` back up where it was
to minimize the diff to develop
* for squash: indentation fixes
* for squash: typo fix
* for squash: wrap long lines
* for squash: use `util.callbackify` to silence promise/no-callback-in-promise warning
* for squash: use double quotes to improve readability
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
There are two different ways an author ID becomes associated with a
user: either bound to a token or bound to a session ID. (The token and
session ID come from the `token` and `sessionID` cookies, or, in the
case of socket.io messages, from the `token` and `sessionID` message
properties.) When `settings.requireSession` is true or the user is
accessing a group pad, the session ID should be used. Otherwise the
token should be used.
Before this change, the `/p/:pad/import` handler was always using the
token, even when `settings.requireSession` was true. This caused the
following error because a different author ID was bound to the token
versus the session ID:
> Unable to import file into ${pad}. Author ${authorID} exists but he
> never contributed to this pad
This bug was reported in issue #4006. PR #4012 worked around the
problem by binding the same author ID to the token as well as the
session ID.
This change does the following:
* Modifies the import handler to use the session ID to obtain the
author ID (when appropriate).
* Expands the documentation for the SecurityManager checkAccess
function.
* Removes the workaround from PR #4012.
* Cleans up the `bin/createUserSession.js` test script.
John McLear
Richard Hansen