loolwsd/Admin.cpp | 7 +++++--
loolwsd/FileServer.cpp | 19 ++++++++++++-------
2 files changed, 17 insertions(+), 9 deletions(-)
New commits:
commit dff5118d3a4ce148638845e63337a5fb907d9426
Author: Pranav Kant <pran...@collabora.co.uk>
Date: Tue Jul 19 23:25:16 2016 +0530
loolwsd: Better handling of JWT cookies
Use Poco API instead of manually finding the cookie in request
headers.
Change-Id: I4fee64b0adfe8a3139ad4291512e94fd65f9aa9d
diff --git a/loolwsd/FileServer.cpp b/loolwsd/FileServer.cpp
index 507f512..abcba82 100644
--- a/loolwsd/FileServer.cpp
+++ b/loolwsd/FileServer.cpp
@@ -12,6 +12,7 @@
#include <string>
#include <vector>
+#include <Poco/Exception.h>
#include <Poco/FileStream.h>
#include <Poco/Net/HTTPCookie.h>
#include <Poco/Net/HTTPBasicCredentials.h>
@@ -22,6 +23,7 @@
#include <Poco/Net/HTTPServerParams.h>
#include <Poco/Net/HTTPServerRequest.h>
#include <Poco/Net/HTTPServerResponse.h>
+#include <Poco/Net/NameValueCollection.h>
#include <Poco/Net/NetException.h>
#include <Poco/Net/SecureServerSocket.h>
#include <Poco/Net/WebSocket.h>
@@ -46,6 +48,7 @@ using Poco::Net::HTTPResponse;
using Poco::Net::HTTPServerParams;
using Poco::Net::HTTPServerRequest;
using Poco::Net::HTTPServerResponse;
+using Poco::Net::NameValueCollection;
using Poco::Net::SecureServerSocket;
using Poco::Net::HTTPBasicCredentials;
using Poco::StreamCopier;
@@ -56,14 +59,11 @@ bool
FileServerRequestHandler::isAdminLoggedIn(HTTPServerRequest& request, HTTPS
const auto& config = Application::instance().config();
const auto sslKeyPath = config.getString("ssl.key_file_path", "");
- if (request.find("Cookie") != request.end())
+ NameValueCollection cookies;
+ request.getCookies(cookies);
+ try
{
- // FIXME: Handle other cookie params like '; httponly; secure'
- const std::size_t pos = request["Cookie"].find_first_of("=");
- if (pos == std::string::npos)
- throw Poco::Net::NotAuthenticatedException("Missing JWT");
-
- const std::string jwtToken = request["Cookie"].substr(pos + 1);
+ const std::string jwtToken = cookies.get("jwt");
Log::info("Verifying JWT token: " + jwtToken);
JWTAuth authAgent(sslKeyPath, "admin", "admin", "admin");
if (authAgent.verify(jwtToken))
@@ -74,7 +74,12 @@ bool
FileServerRequestHandler::isAdminLoggedIn(HTTPServerRequest& request, HTTPS
Log::info("Invalid JWT token, let the administrator re-login");
}
+ catch (const Poco::Exception& exc)
+ {
+ Log::info("No existing JWT cookie found");
+ }
+ // If no cookie found, or is invalid, let admin re-login
const auto user = config.getString("admin_console.username", "");
const auto pass = config.getString("admin_console.password", "");
if (user.empty() || pass.empty())
commit 319dd5659875d37f77dcb0c59c1fd70bb3444037
Author: Pranav Kant <pran...@collabora.co.uk>
Date: Tue Jul 19 23:15:10 2016 +0530
loolwsd: Don't send an empty result in frame
Change-Id: Ia4cf4c6d49be4b65d075c8380994dd7115ba2dc6
diff --git a/loolwsd/Admin.cpp b/loolwsd/Admin.cpp
index 952544b..c8405b2 100644
--- a/loolwsd/Admin.cpp
+++ b/loolwsd/Admin.cpp
@@ -67,8 +67,11 @@ bool AdminRequestHandler::adminCommandHandler(const
std::vector<char>& payload)
tokens[0] == "mem_stats" ||
tokens[0] == "cpu_stats" )
{
- const std::string responseFrame = tokens[0] + " " +
model.query(tokens[0]);
- sendTextFrame(responseFrame);
+ std::string responseFrame = tokens[0] + " ";
+ const std::string result = model.query(tokens[0]);
+ responseFrame += result;
+ if (result != "")
+ sendTextFrame(responseFrame);
}
else if (tokens[0] == "subscribe" && tokens.count() > 1)
{
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
