etherpad-lite

History

Richard Hansen f7953ece85 socketio: Delete redundant authentication check There's no need to perform an authentication check in the socket.io middleware because `PadMessageHandler.handleMessage` calls `SecurityMananger.checkAccess` and that now performs authentication and authorization checks. This change also improves the user experience: Before, access denials caused socket.io error events in the client, which `pad.js` mostly ignores (the user doesn't see anything). Now a deny message is sent back to the client, which causes `pad.js` to display an obvious permission denied message. This also fixes a minor bug: `settings.loadTest` is supposed to bypass authentication and authorization checks, but they weren't bypassed because `SecurityManager.checkAccess` did not check `settings.loadTest`.	2020-10-05 18:12:04 +01:00
..
specs	socketio: Delete redundant authentication check	2020-10-05 18:12:04 +01:00
fuzzImportTest.js	tests: fuzzing, binary imports	2020-06-01 17:26:55 +01:00

Richard Hansen f7953ece85 socketio: Delete redundant authentication check

There's no need to perform an authentication check in the socket.io
middleware because `PadMessageHandler.handleMessage` calls
`SecurityMananger.checkAccess` and that now performs authentication
and authorization checks.

This change also improves the user experience: Before, access denials
caused socket.io error events in the client, which `pad.js` mostly
ignores (the user doesn't see anything). Now a deny message is sent
back to the client, which causes `pad.js` to display an obvious
permission denied message.

This also fixes a minor bug: `settings.loadTest` is supposed to bypass
authentication and authorization checks, but they weren't bypassed
because `SecurityManager.checkAccess` did not check
`settings.loadTest`.

2020-10-05 18:12:04 +01:00

specs

socketio: Delete redundant authentication check

2020-10-05 18:12:04 +01:00

fuzzImportTest.js

tests: fuzzing, binary imports

2020-06-01 17:26:55 +01:00