loolwsd/Admin.cpp      |    7 +++++--
 loolwsd/FileServer.cpp |   19 ++++++++++++-------
 2 files changed, 17 insertions(+), 9 deletions(-)

New commits:
commit dff5118d3a4ce148638845e63337a5fb907d9426
Author: Pranav Kant <pran...@collabora.co.uk>
Date:   Tue Jul 19 23:25:16 2016 +0530

    loolwsd: Better handling of JWT cookies
    
    Use Poco API instead of manually finding the cookie in request
    headers.
    
    Change-Id: I4fee64b0adfe8a3139ad4291512e94fd65f9aa9d

diff --git a/loolwsd/FileServer.cpp b/loolwsd/FileServer.cpp
index 507f512..abcba82 100644
--- a/loolwsd/FileServer.cpp
+++ b/loolwsd/FileServer.cpp
@@ -12,6 +12,7 @@
 #include <string>
 #include <vector>
 
+#include <Poco/Exception.h>
 #include <Poco/FileStream.h>
 #include <Poco/Net/HTTPCookie.h>
 #include <Poco/Net/HTTPBasicCredentials.h>
@@ -22,6 +23,7 @@
 #include <Poco/Net/HTTPServerParams.h>
 #include <Poco/Net/HTTPServerRequest.h>
 #include <Poco/Net/HTTPServerResponse.h>
+#include <Poco/Net/NameValueCollection.h>
 #include <Poco/Net/NetException.h>
 #include <Poco/Net/SecureServerSocket.h>
 #include <Poco/Net/WebSocket.h>
@@ -46,6 +48,7 @@ using Poco::Net::HTTPResponse;
 using Poco::Net::HTTPServerParams;
 using Poco::Net::HTTPServerRequest;
 using Poco::Net::HTTPServerResponse;
+using Poco::Net::NameValueCollection;
 using Poco::Net::SecureServerSocket;
 using Poco::Net::HTTPBasicCredentials;
 using Poco::StreamCopier;
@@ -56,14 +59,11 @@ bool 
FileServerRequestHandler::isAdminLoggedIn(HTTPServerRequest& request, HTTPS
     const auto& config = Application::instance().config();
     const auto sslKeyPath = config.getString("ssl.key_file_path", "");
 
-    if (request.find("Cookie") != request.end())
+    NameValueCollection cookies;
+    request.getCookies(cookies);
+    try
     {
-        // FIXME: Handle other cookie params like '; httponly; secure'
-        const std::size_t pos = request["Cookie"].find_first_of("=");
-        if (pos == std::string::npos)
-            throw Poco::Net::NotAuthenticatedException("Missing JWT");
-
-        const std::string jwtToken = request["Cookie"].substr(pos + 1);
+        const std::string jwtToken = cookies.get("jwt");
         Log::info("Verifying JWT token: " + jwtToken);
         JWTAuth authAgent(sslKeyPath, "admin", "admin", "admin");
         if (authAgent.verify(jwtToken))
@@ -74,7 +74,12 @@ bool 
FileServerRequestHandler::isAdminLoggedIn(HTTPServerRequest& request, HTTPS
 
         Log::info("Invalid JWT token, let the administrator re-login");
     }
+    catch (const Poco::Exception& exc)
+    {
+        Log::info("No existing JWT cookie found");
+    }
 
+    // If no cookie found, or is invalid, let admin re-login
     const auto user = config.getString("admin_console.username", "");
     const auto pass = config.getString("admin_console.password", "");
     if (user.empty() || pass.empty())
commit 319dd5659875d37f77dcb0c59c1fd70bb3444037
Author: Pranav Kant <pran...@collabora.co.uk>
Date:   Tue Jul 19 23:15:10 2016 +0530

    loolwsd: Don't send an empty result in frame
    
    Change-Id: Ia4cf4c6d49be4b65d075c8380994dd7115ba2dc6

diff --git a/loolwsd/Admin.cpp b/loolwsd/Admin.cpp
index 952544b..c8405b2 100644
--- a/loolwsd/Admin.cpp
+++ b/loolwsd/Admin.cpp
@@ -67,8 +67,11 @@ bool AdminRequestHandler::adminCommandHandler(const 
std::vector<char>& payload)
         tokens[0] == "mem_stats" ||
         tokens[0] == "cpu_stats" )
     {
-        const std::string responseFrame = tokens[0] + " " + 
model.query(tokens[0]);
-        sendTextFrame(responseFrame);
+        std::string responseFrame = tokens[0] + " ";
+        const std::string result = model.query(tokens[0]);
+        responseFrame += result;
+        if (result != "")
+            sendTextFrame(responseFrame);
     }
     else if (tokens[0] == "subscribe" && tokens.count() > 1)
     {
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits

Reply via email to