diff options
author | John McLear <john@mclear.co.uk> | 2015-05-11 15:10:45 +0100 |
---|---|---|
committer | John McLear <john@mclear.co.uk> | 2015-05-11 15:10:45 +0100 |
commit | 9e9207d8b6091375017aba122eb8c3db0fb10e8a (patch) | |
tree | 3880d4db22d43cc2dd4115f6f0d9504fc94ebf15 /src/node | |
parent | 3b91b46baa699dd50ba993b1fd7ffc33ec741abc (diff) | |
parent | 5a7750781b0a1848477675a90d1c2be4596ffd2e (diff) | |
download | etherpad-lite-9e9207d8b6091375017aba122eb8c3db0fb10e8a.zip |
Merge pull request #2657 from simong/cookie-parser
Use the cookie parser middleware
Diffstat (limited to 'src/node')
-rw-r--r-- | src/node/hooks/express/webaccess.js | 5 | ||||
-rw-r--r-- | src/node/padaccess.js | 4 |
2 files changed, 4 insertions, 5 deletions
diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js index cb5a2207..2cafd271 100644 --- a/src/node/hooks/express/webaccess.js +++ b/src/node/hooks/express/webaccess.js @@ -6,6 +6,7 @@ var hooks = require('ep_etherpad-lite/static/js/pluginfw/hooks'); var ueberStore = require('../../db/SessionStore'); var stats = require('ep_etherpad-lite/node/stats'); var sessionModule = require('express-session'); +var cookieParser = require('cookie-parser'); //checks for basic http auth exports.basicAuth = function (req, res, next) { @@ -76,7 +77,7 @@ exports.basicAuth = function (req, res, next) { Note that the process could stop already in step 3 with a redirect to login page. */ - + authorize(function (ok) { if (ok) return next(); authenticate(function (ok) { @@ -121,6 +122,8 @@ exports.expressConfigure = function (hook_name, args, cb) { args.app.sessionStore = exports.sessionStore; args.app.use(sessionModule({secret: exports.secret, store: args.app.sessionStore, resave: true, saveUninitialized: true, name: 'express_sid' })); + args.app.use(cookieParser(settings.sessionKey, {})); + args.app.use(exports.basicAuth); } diff --git a/src/node/padaccess.js b/src/node/padaccess.js index 97333514..1f2e8834 100644 --- a/src/node/padaccess.js +++ b/src/node/padaccess.js @@ -3,10 +3,6 @@ var securityManager = require('./db/SecurityManager'); //checks for padAccess module.exports = function (req, res, callback) { - - // FIXME: Why is this ever undefined?? - if (req.cookies === undefined) req.cookies = {}; - securityManager.checkAccess(req.params.pad, req.cookies.sessionID, req.cookies.token, req.cookies.password, function(err, accessObj) { if(ERR(err, callback)) return; |