f7953ece85
There's no need to perform an authentication check in the socket.io middleware because `PadMessageHandler.handleMessage` calls `SecurityMananger.checkAccess` and that now performs authentication and authorization checks. This change also improves the user experience: Before, access denials caused socket.io error events in the client, which `pad.js` mostly ignores (the user doesn't see anything). Now a deny message is sent back to the client, which causes `pad.js` to display an obvious permission denied message. This also fixes a minor bug: `settings.loadTest` is supposed to bypass authentication and authorization checks, but they weren't bypassed because `SecurityManager.checkAccess` did not check `settings.loadTest`. |
||
---|---|---|
.. | ||
backend | ||
container | ||
frontend | ||
ratelimit | ||
README.md |
About this folder: Tests
Before running the tests, start an Etherpad instance on your machine.
Frontend
To run the frontend tests, point your browser to <yourdomainhere>/tests/frontend
Backend
To run the backend tests, run cd src
and then npm test