fix security syncedSession

cloudwork · Jul 23, 2010 · 3fc806a · 3fc806a
1 parent f1b2967
commit 3fc806a
Showing 1 changed file with 6 additions and 8 deletions.
diff --git a/lib/security.js b/lib/security.js
@@ -5,7 +5,6 @@
 var AccessError = require("perstore/errors").AccessError,
 	first = require("promised-io/lazy-array").first,
 	when = require("promised-io/promise").when,
-	settings = require("commonjs-utils/settings"),
 	getCurrentSession = require("./jsgi/session").getCurrentSession,
 	Restrictive = require("perstore/facet").Restrictive,
 	sha1 = require("commonjs-utils/sha1").b64_sha1;
@@ -22,15 +21,14 @@ exports.DefaultSecurity = function(){
 	// allow JSON-RPC authentication
 	var Class = require("perstore/model").classModel;
 
-	function authenticate(username, password, expires){
-		var syncedSession = require("commonjs-utils/settings").settings.forceSession;
+	function authenticate(username, password, expires, request){
 		try{
 			return username ? when(security.authenticate(username, password),
 				function (user){
-					var session = syncedSession ? request.session : getCurrentSession(true, expires);
+					var session = request ? request.session : getCurrentSession(true, expires);
 					if (session && user) {
 						session.user = user.id;
-						if (!syncedSession) session.save();
+						if (!request) session.save();
 					}
 					return user;
 				}, onError) : onError();
@@ -39,10 +37,10 @@ exports.DefaultSecurity = function(){
 		}
 		// N.B. we use errBack in when() --> any exception will result in silent logout!!!
 		function onError(e){
-			var session = syncedSession ? request.session : getCurrentSession();
+			var session = request ? request.session : getCurrentSession();
 			if(session && session.user){
 				session.user = null;
-				if (!syncedSession) session.save();
+				if (!request) session.save();
 			}
 			if (e) throw e;
 		}
@@ -97,7 +95,7 @@ exports.DefaultSecurity = function(){
 					var username = body.user;
 					var password = body.password;
 					switch(body.method){
-						case "authenticate": 
+						case "authenticate":
 							return authenticate(username, password, body.expires);
 						case "createUser":
 							return security.createUser(username, password);