Changed the authentication mechanism to support hooks

author: Egil Moeller <egil.moller@freecode.no> 2012-04-19 16:04:03 +0200
committer: Egil Moeller <egil.moller@freecode.no> 2012-04-19 16:04:03 +0200
commit: ecac40d062747e4668dd942443b361077fd55f74 (patch)
tree: 0e34af004a5e9fc8b86e96b1a53f53b69c385c7c /src
parent: 7b39da2d69e759e0f75cc19adb92e130583c68d0 (diff)
download: etherpad-lite-ecac40d062747e4668dd942443b361077fd55f74.zip
3 files changed, 28 insertions, 18 deletions
diff --git a/src/node/hooks/express/adminplugins.js b/src/node/hooks/express/adminplugins.js
index 6cc80cf2..7b21206c 100644
--- a/src/node/hooks/express/adminplugins.js
+++ b/src/node/hooks/express/adminplugins.js
@@ -21,7 +21,7 @@ exports.expressCreateServer = function (hook_name, args, cb) {
 exports.socketio = function (hook_name, args, cb) {
   var io = args.io.of("/pluginfw/installer");
   io.on('connection', function (socket) {
-    if (!socket.handshake.session.user.is_admin) return;
+    if (!socket.handshake.session.user || !socket.handshake.session.user.is_admin) return;
 
     socket.on("load", function (query) {
       socket.emit("installed-results", {results: plugins.plugins});
diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js
index 499451d8..028d8ab1 100644
--- a/src/node/hooks/express/webaccess.js
+++ b/src/node/hooks/express/webaccess.js
@@ -8,7 +8,13 @@ var hooks = require('ep_etherpad-lite/static/js/pluginfw/hooks');
 
 //checks for basic http auth
 exports.basicAuth = function (req, res, next) {
- var authorize = function (cb) {
+  var hookResultMangle = function (cb) {
+    return function (err, data) {
+      return cb(!err && data.length && data[0]);
+    }
+  }
+
+  var authorize = function (cb) {
     // Do not require auth for static paths...this could be a bit brittle
     if (req.path.match(/^\/(static|javascripts|pluginfw)/)) return cb(true);
 
@@ -19,8 +25,7 @@ exports.basicAuth = function (req, res, next) {
 
     if (req.session && req.session.user && req.session.user.is_admin) return cb(true);
 
-    // hooks.aCallFirst("authorize", {resource: req.path, req: req}, cb);
-    cb(false);
+    hooks.aCallFirst("authorize", {req: req, res:res, next:next, resource: req.path}, hookResultMangle(cb));
   }
 
   var authenticate = function (cb) {
@@ -35,24 +40,28 @@ exports.basicAuth = function (req, res, next) {
         req.session.user = settings.users[username];
         return cb(true);
       }
-      // return hooks.aCallFirst("authenticate", {req: req, username: username, password: password}, cb);
+        return hooks.aCallFirst("authenticate", {req: req, res:res, next:next, username: username, password: password}, hookResultMangle(cb));
     }
-    // hooks.aCallFirst("authenticate", {req: req}, cb);
-    cb(false);
+    hooks.aCallFirst("authenticate", {req: req, res:res, next:next}, hookResultMangle(cb));
   }
 
 
+  /* Authentication OR authorization failed. */
   var failure = function () {
-    /* Authentication OR authorization failed. Return Auth required
-     * Headers, delayed for 1 second, if authentication failed. */
-    res.header('WWW-Authenticate', 'Basic realm="Protected Area"');
-    if (req.headers.authorization) {
-      setTimeout(function () {
+    return hooks.aCallFirst("authFailure", {req: req, res:res, next:next}, hookResultMangle(function (ok) {
+    if (ok) return;
+      /* No plugin handler for invalid auth. Return Auth required
+       * Headers, delayed for 1 second, if authentication failed
+       * before. */
+      res.header('WWW-Authenticate', 'Basic realm="Protected Area"');
+      if (req.headers.authorization) {
+        setTimeout(function () {
+          res.send('Authentication required', 401);
+        }, 1000);
+      } else {
         res.send('Authentication required', 401);
-      }, 1000);
-    } else {
-      res.send('Authentication required', 401);
-    }
+      }
+    }));
   }
 
 
diff --git a/src/node/server.js b/src/node/server.js
index 6b443edb..9d2c52e4 100644
--- a/src/node/server.js
+++ b/src/node/server.js
@@ -30,6 +30,7 @@ var path = require('path');
 var plugins = require("ep_etherpad-lite/static/js/pluginfw/plugins");
 var hooks = require("ep_etherpad-lite/static/js/pluginfw/hooks");
 var npm = require("npm/lib/npm.js");
+var  _ = require("underscore");
 
 //try to get the git version
 var version = "";
@@ -88,11 +89,11 @@ async.waterfall([
     //let the server listen
     app.listen(settings.port, settings.ip);
     console.log("Server is listening at " + settings.ip + ":" + settings.port);
-    if(settings.adminHttpAuth){
+    if(!_.isEmpty(settings.users)){
       console.log("Plugin admin page listening at " + settings.ip + ":" + settings.port + "/admin/plugins");
     }
     else{
-      console.log("Admin username and password not set in settings.json.  To access admin please uncomment and edit adminHttpAuth in settings.json");
+      console.log("Admin username and password not set in settings.json.  To access admin please uncomment and edit 'users' in settings.json");
     }
     callback(null);  
   }
author	Egil Moeller <egil.moller@freecode.no>	2012-04-19 16:04:03 +0200
committer	Egil Moeller <egil.moller@freecode.no>	2012-04-19 16:04:03 +0200
commit	ecac40d062747e4668dd942443b361077fd55f74 (patch)
tree	0e34af004a5e9fc8b86e96b1a53f53b69c385c7c /src
parent	7b39da2d69e759e0f75cc19adb92e130583c68d0 (diff)
download	etherpad-lite-ecac40d062747e4668dd942443b361077fd55f74.zip