mirror of
https://github.com/ether/etherpad-lite.git
synced 2026-07-19 01:24:19 +00:00
Merge afb3a4a928 into 9a6109bd1d
This commit is contained in:
commit
2d889b92dc
2 changed files with 14 additions and 4 deletions
|
|
@ -75,10 +75,13 @@ exports.checkAccess = async (padID:string, sessionCookie:string, token:string, u
|
|||
}
|
||||
|
||||
// Authentication and authorization checks.
|
||||
if (settings.loadTest) {
|
||||
console.warn(
|
||||
'bypassing socket.io authentication and authorization checks due to settings.loadTest');
|
||||
} else if (settings.requireAuthentication) {
|
||||
// settings.loadTest just short-circuits authn/authz; the user-facing
|
||||
// warning about this configuration choice is logged from Settings.ts
|
||||
// during settings load/reload, not on every request. Re-logging it
|
||||
// here was costing ~4% of process CPU in the 100-400 author dive
|
||||
// sweep (#7756): the routed-console-warn went through log4js's
|
||||
// clustering dispatch on every message.
|
||||
if (!settings.loadTest && settings.requireAuthentication) {
|
||||
if (userSettings == null) {
|
||||
authLogger.debug('access denied: authentication is required');
|
||||
return DENY;
|
||||
|
|
|
|||
|
|
@ -1262,6 +1262,13 @@ export const reloadSettings = () => {
|
|||
logger.warn("logLayoutType: " + settings.logLayoutType);
|
||||
initLogging(settings.logconfig);
|
||||
|
||||
if (settings.loadTest) {
|
||||
logger.warn(
|
||||
'settings.loadTest is true: SecurityManager.checkAccess() will bypass ' +
|
||||
'authentication and authorization for both HTTP and socket.io requests. ' +
|
||||
'Do NOT enable this in production.');
|
||||
}
|
||||
|
||||
if (!settings.skinName) {
|
||||
logger.warn('No "skinName" parameter found. Please check out settings.json.template and ' +
|
||||
'update your settings.json. Falling back to the default "colibris".');
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue