Commit dd79d819 authored by Robert Knight's avatar Robert Knight

Verify userid after connecting to WebSocket

Listen for the 'whoyouare' reply to the 'whoami' request sent after the
WebSocket connects and log a warning if the userid does not match the
logged-in user for any reason.
parent 2ac6c816
......@@ -123,6 +123,11 @@ function Streamer($rootScope, annotationMapper, annotationUI, auth,
handleAnnotationNotification(message);
} else if (message.type === 'session-change') {
handleSessionChangeNotification(message);
} else if (message.type === 'whoyouare') {
var userid = annotationUI.getState().session.userid;
if (message.userid !== userid) {
console.warn('WebSocket user ID "%s" does not match logged-in ID "%s"', message.userid, userid);
}
} else {
console.warn('received unsupported notification', message.type);
}
......
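Review bot: In the `whoyouare` branch a mismatch between `message.userid` and the session's `userid` is only logged, so the socket stays open and, as far as this hunk shows, later notifications are still handled even though the server authenticated the connection as a different identity than the one the UI shows. If this is meant purely as a diagnostic, state that in a comment above the check, e.g. `// Diagnostic only: on mismatch the socket is left open and not re-authenticated`; otherwise consider dropping and re-establishing the connection on mismatch. The strict `!==` also treats a reply that omits `userid` (`undefined`) as different from a logged-out session's `null`, which would warn spuriously if the server leaves the field out for anonymous sockets; the hunk does not show which it sends. The enclosing message handler starts and ends outside the hunk.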
......@@ -115,6 +115,11 @@ describe('Streamer', function () {
fakeAnnotationUI = {
annotationExists: sinon.stub().returns(false),
isSidebar: sinon.stub().returns(true),
getState: sinon.stub().returns({
session: {
userid: 'jim@hypothes.is',
},
}),
};
fakeGroups = {
......@@ -415,6 +420,60 @@ describe('Streamer', function () {
});
});
describe('whoyouare notifications', function () {
beforeEach(function () {
sinon.stub(console, 'warn');
});
afterEach(function () {
console.warn.restore();
});
unroll('does nothing if the userid matches the logged-in userid', function (testCase) {
fakeAnnotationUI.getState.returns({
session: {
userid: testCase.userid,
},
});
createDefaultStreamer();
return activeStreamer.connect().then(function () {
fakeWebSocket.notify({
type: 'whoyouare',
userid: testCase.websocketUserid,
});
assert.notCalled(console.warn);
});
}, [{
userid: 'acct:mr_bond@hypothes.is',
websocketUserid: 'acct:mr_bond@hypothes.is',
},{
userid: null,
websocketUserid: null,
}]);
unroll('logs a warning if the userid does not match the logged-in userid', function (testCase) {
fakeAnnotationUI.getState.returns({
session: {
userid: testCase.userid,
},
});
createDefaultStreamer();
return activeStreamer.connect().then(function () {
fakeWebSocket.notify({
type: 'whoyouare',
userid: testCase.websocketUserid,
});
assert.called(console.warn);
});
}, [{
userid: 'acct:mr_bond@hypothes.is',
websocketUserid: 'acct:the_spanish_inquisition@hypothes.is',
}, {
userid: null,
websocketUserid: 'acct:the_spanish_inquisition@hypothes.is',
}]);
});
describe('reconnections', function () {
it('resends configuration messages when a reconnection occurs', function () {
createDefaultStreamer();
......
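Review bot: `assert.called(console.warn)` in the 'logs a warning if the userid does not match the logged-in userid' cases passes on any warning, and the streamer's fallback branch already calls `console.warn('received unsupported notification', message.type)` for unknown types, so these cases would still pass if the `whoyouare` branch were missing or mistyped. Pin the message and arguments instead, e.g. `assert.calledWith(console.warn, sinon.match(/does not match/), testCase.websocketUserid, testCase.userid);` (assuming `assert` here is sinon's assert, as `assert.notCalled` suggests). The matching-userid cases are sound as written, because `assert.notCalled` would fail on the fallback warning.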