[Libreoffice-commits] online.git: loleaflet/src wsd/Admin.cpp wsd/FileServer.cpp
Michael Meeks
michael.meeks at collabora.com
Thu Mar 16 16:45:36 UTC 2017
loleaflet/src/admin/AdminSocketBase.js | 3 ++-
wsd/Admin.cpp | 13 +++++++++++--
wsd/FileServer.cpp | 6 ++++--
3 files changed, 17 insertions(+), 5 deletions(-)
New commits:
commit 97cb6597c86bb62002282109b05f611066972783
Author: Michael Meeks <michael.meeks at collabora.com>
Date: Thu Mar 16 16:44:27 2017 +0000
Admin: don't set 'secure' on auth cookie for http.
Also tweak paths to accommodate bundlification, apparently unnecessary
in secure cookie mode, interestingly.
diff --git a/loleaflet/src/admin/AdminSocketBase.js b/loleaflet/src/admin/AdminSocketBase.js
index cb8a5a82..145755cf 100644
--- a/loleaflet/src/admin/AdminSocketBase.js
+++ b/loleaflet/src/admin/AdminSocketBase.js
@@ -27,7 +27,8 @@ var AdminSocketBase = Base.extend({
onSocketOpen: function() {
// Authenticate
- this.socket.send('auth ' + Util.getCookie('jwt'));
+ cookie = Util.getCookie('jwt');
+ this.socket.send('auth ' + cookie);
},
onSocketMessage: function() {
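Review bot: `cookie` on the added line is assigned without a declaration, so the admin JWT lands in an implicit global (or the assignment throws under strict mode) and stays readable by any other script on the page after the socket opens. Declare it locally: `var cookie = Util.getCookie('jwt');`. A one-line comment that this value is the admin auth token, read from a script-readable cookie, would also help the next reader.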
diff --git a/wsd/Admin.cpp b/wsd/Admin.cpp
index a3b7035c..f8d9f6f8 100644
--- a/wsd/Admin.cpp
+++ b/wsd/Admin.cpp
@@ -70,8 +70,15 @@ void AdminRequestHandler::handleMessage(bool /* fin */, WSOpCode /* code */, std
std::unique_lock<std::mutex> modelLock(_admin->getLock());
AdminModel& model = _admin->getModel();
- if (tokens.count() > 1 && tokens[0] == "auth")
+ if (tokens[0] == "auth")
{
+ if (tokens.count() < 2)
+ {
+ sendFrame("InvalidAuthToken");
+ LOG_TRC("Auth command without any token");
+ shutdown();
+ return;
+ }
std::string jwtToken;
LOOLProtocol::getTokenString(tokens[1], "jwt", jwtToken);
const auto& config = Application::instance().config();
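Review bot: `tokens[0]` in the rewritten condition is now read before any check that the message produced at least one token, because the old `tokens.count() > 1 &&` guard was removed from the front of the test. Unless code above the hunk already rejects empty messages, an empty frame from an unauthenticated peer reaches an out-of-range index here. The new trace line in the later "Not authenticated" hunk makes the same assumption. A guard such as `if (tokens.count() < 1) { shutdown(); return; }` placed before the `auth` test would cover both. handleMessage starts and continues outside the hunk.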
@@ -83,6 +90,7 @@ void AdminRequestHandler::handleMessage(bool /* fin */, WSOpCode /* code */, std
{
LOG_TRC("JWT token is valid");
_isAuthenticated = true;
+ return;
}
else
{
@@ -96,8 +104,9 @@ void AdminRequestHandler::handleMessage(bool /* fin */, WSOpCode /* code */, std
if (!_isAuthenticated)
{
sendFrame("NotAuthenticated");
- LOG_TRC("Not authenticated");
shutdown();
+ LOG_TRC("Not authenticated - message is '" << firstLine << "' "
+ << tokens.count() << " first: '" << tokens[0] << "'");
return;
}
else if (tokens[0] == "documents" ||
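Review bot: The new trace line writes `firstLine` and `tokens[0]` from a peer that has not authenticated straight into the log, so anyone who can reach the admin socket controls that log content and its size. A client that sends its token in an unexpected form would also get the token recorded. Logging the token count and a length-capped command word keeps the diagnostic value: `LOG_TRC("Not authenticated - " << tokens.count() << " tokens, first: '" << tokens[0].substr(0, 32) << "'");`. If the reordering was not deliberate, the log call would read more naturally ahead of `shutdown()`.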
diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index bba77d5e..d74caf87 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -94,8 +94,10 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request,
const std::string jwtToken = authAgent.getAccessToken();
Poco::Net::HTTPCookie cookie("jwt", jwtToken);
- cookie.setPath("/loleaflet/dist/admin/");
- cookie.setSecure(true);
+ // bundlify appears to add an extra /dist -> dist/dist/admin
+ cookie.setPath("/loleaflet/dist/");
+ cookie.setSecure(LOOLWSD::isSSLEnabled() ||
+ LOOLWSD::isSSLTermination());
response.addCookie(cookie);
return true;
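Review bot: The path on the new `cookie.setPath("/loleaflet/dist/")` line is wider than the comment above it justifies, so the admin JWT is now attached to every request under `/loleaflet/dist/` rather than only the admin pages. If the bundled admin pages really sit under dist/dist/admin, a path ending in that directory would keep the old scope; the layout cannot be confirmed from this hunk. With Secure now off for plain-http deployments, the token also crosses the network unencrypted, which deserves a comment next to `setSecure`, e.g. `// plain http: the admin JWT is sent in cleartext; enable SSL or SSL termination outside test setups`. isAdminLoggedIn starts and ends outside the hunk.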