
fixes race condition in auth file backend, mostly re-played changes f…

…rom @zannalov - thank you
1 parent aae8462 commit fd4c23f09992a1223397588323674fdb30dee3f8 @mikedeboer committed Jul 23, 2012
Showing with 45 additions and 34 deletions.
  1. +16 −15 lib/DAV/plugins/auth.js
  2. +29 −19 lib/DAV/plugins/auth/file.js
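--- a/lib/DAV/plugins/auth.js
+++ b/lib/DAV/plugins/auth.js
@@ -8,10 +8,11 @@
 "use strict";
 var jsDAV_ServerPlugin = require("./../plugin").jsDAV_ServerPlugin;
+var jsDAV_Util_EventEmitter = require("./../util").EventEmitter;
 /**
 * This plugin provides Authentication for a WebDAV server.
- *
+ *
 * It relies on a Backend object, which provides user information.
 *
 * Additionally, it provides support for:
@@ -28,28 +29,28 @@ function jsDAV_Auth_Plugin(handler) {
 (function() {
 /**
 * Authentication backend
- *
- * @var jsDAV_Auth_Backend_Abstract
+ *
+ * @var jsDAV_Auth_Backend_Abstract
 */
 this.authBackend = null;
 /**
- * The authentication realm.
- *
- * @var string
+ * The authentication realm.
+ *
+ * @var string
 */
 this.realm = null;
-
+
 this.initialize = function() {
- this.handler.addEventListener("beforeMethod", this.beforeMethod.bind(this));
+ this.handler.addEventListener("beforeMethod", this.beforeMethod.bind(this), jsDAV_Util_EventEmitter.PRIO_HIGH);
 };
-
+
 /**
 * Returns the current users' principal uri.
- *
- * If nobody is logged in, this will return null.
- *
- * @return string|null
+ *
+ * If nobody is logged in, this will return null.
+ *
+ * @return string|null
 */
 this.getCurrentUser = function(callback) {
 if (!this.authBackend)
@@ -59,10 +60,10 @@ function jsDAV_Auth_Plugin(handler) {
 /**
 * This method is called before any HTTP method and forces users to be authenticated
- *
+ *
 * @param string method
 * @throws jsDAV_Exception_NotAuthenticated
- * @return bool
+ * @return bool
 */
 this.beforeMethod = function(e, method) {
 if (!this.authBackend)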
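Review bot: The one functional change in this file, registering `beforeMethod` with `jsDAV_Util_EventEmitter.PRIO_HIGH` in `initialize`, carries no comment saying why the priority matters. Presumably the intent is that the authentication check runs ahead of other plugins' `beforeMethod` listeners, so that no handler acts on a request before it has been authenticated; if so, say that at the call, e.g. `// auth must run before any other beforeMethod listener; keep PRIO_HIGH`. How listeners registered at the same priority are ordered is not visible here, so it is worth confirming that no other plugin can get ahead of this one. The remaining changes in this section are whitespace-only and would be easier to review as a separate commit.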
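--- a/lib/DAV/plugins/auth/file.js
+++ b/lib/DAV/plugins/auth/file.js
@@ -23,17 +23,17 @@ function jsDAV_Auth_Backend_File(filename) {
 (function() {
 /**
- * List of users
- *
+ * List of users
+ *
 * @var array
 */
 var users = null;
 /**
 * Loads an htdigest-formatted file. This method can be called multiple times if
 * more than 1 file is used.
- *
- * @param {string} filename
+ *
+ * @param {string} filename
 * @return {void}
 */
 this.loadFile = function(filename, cbloadfile) {
@@ -42,29 +42,39 @@ function jsDAV_Auth_Backend_File(filename) {
 if (err)
 return cbloadfile(err);
- data.split("\n").forEach(function(line) {
- var parts = line.split(":");
- if (line.length !== 3)
- cbloadfile(new Exc.jsDAV_Exception("Malformed htdigest file. Every line should contain 2 colons"));
-
- var username = parts[0];
- var realm = parts[1];
- var A1 = parts[2];
-
+ var lines = data.split("\n");
+ var i = 0;
+ var l = lines.length;
+ var line, parts, username, realm, A1;
+ for (; i > l; ++i) {
+ line = lines[i];
+ // empty lines or simply newlines are allowed
+ if (/^[\s\t\n\r]+$/.test(line))
+ continue;
+
+ parts = line.split(":");
+ if (line.length !== 3)
+ return cbloadfile(new Exc.jsDAV_Exception("Malformed htdigest file. Every line should contain 2 colons"));
+
+ username = parts[0];
+ realm = parts[1];
+ A1 = parts[2];
+
 if (!/^[a-zA-Z0-9]{32}/.test(A1))
 return cbloadfile(new Exc.jsDAV_Exception("Malformed htdigest file. Invalid md5 hash"));
-
+
 users[username] = A1;
- cbloadfile();
- });
+ }
+
+ cbloadfile();
 });
 };
 /**
 * Returns a users' information
- *
- * @param {string} realm
- * @param {string} username
+ *
+ * @param {string} realm
+ * @param {string} username
 * @return {string}
 */
 this.getDigestHash = function(realm, username, cbgethash) {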
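Review bot: The new loop in `loadFile` never runs: `for (; i > l; ++i)` starts with `i = 0` and `l = lines.length`, so the condition is false on the first test, no line is parsed, and `cbloadfile()` still reports success with no users loaded; it should read `for (; i < l; ++i) {`. Once the loop does run, `if (line.length !== 3)` compares the string length rather than the number of fields and would reject every valid entry, so it needs to be `if (parts.length !== 3)`, and the blank-line test should be `if (/^\s*$/.test(line))` because the `+` quantifier does not match the empty string left after a trailing newline. The hash check `/^[a-zA-Z0-9]{32}/` (unchanged context) is not anchored at the end and accepts non-hex characters, and `realm` is parsed but not used when storing `users[username]`, so entries for the same user name in different realms overwrite each other. `loadFile` starts in the previous hunk and the file read between the two hunks is not shown, so how `users` is initialised cannot be checked from here.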
