alarmSocket: customizing authorization requirements

This patch is intended to allow customizing the behavior for whether or not to prompt for authorization before subscribing or acknolweding alarms. There was a bug in previous attempts where the profileeditor would be double initialized, causing the profileeditor to remove some buttons from the GUI. This patch adds checking for a permission specifically related to acknolwedging alarms, as well as avoids double-initializing the editor, which causes the issue with the GUI.
tynbendad · Oct 22, 2023 · 0fbacfd · 0fbacfd
1 parent 9f2f98b
commit 0fbacfd
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 25 deletions.
diff --git a/lib/api3/alarmSocket.js b/lib/api3/alarmSocket.js
@@ -46,7 +46,7 @@ function AlarmSocket (app, env, ctx) {
       socket.on('subscribe', function onSubscribe (message, returnCallback) {
         self.subscribe(socket, message, returnCallback);
       });
-	  
+
     });
 
     ctx.bus.on('notification', self.emitNotification);
@@ -65,7 +65,7 @@ function AlarmSocket (app, env, ctx) {
   self.subscribe = function subscribe (socket, message, returnCallback) {
     const shouldCallBack = typeof(returnCallback) === 'function';
 
-	// Native client
+    // Native client
     if (message && message.accessToken) {
       return ctx.authorization.resolveAccessToken(message.accessToken, function resolveFinishForToken (err, auth) {
         if (err) {
@@ -76,24 +76,38 @@ function AlarmSocket (app, env, ctx) {
           }
           return err;
         } else {
-		  // Subscribe for acking alarms
-		  socket.on('ack', function onAck (level, group, silenceTime) {
-			ctx.notifications.ack(level, group, silenceTime, true);
-	        console.info(LOG + 'ack received ' + level + ' ' + group + ' ' + silenceTime);
-	      });
+      // Subscribe for acking alarms
+      socket.on('ack', function onAck (level, group, silenceTime) {
+      ctx.notifications.ack(level, group, silenceTime, true);
+          console.info(LOG + 'ack received ' + level + ' ' + group + ' ' + silenceTime);
+        });
 
-		  var okResponse = { success: true, message: 'Subscribed for alarms' }
+      var okResponse = { success: true, message: 'Subscribed for alarms' }
           if (shouldCallBack) {
             returnCallback(okResponse);
           }
           return okResponse;
         }
       });
     }
-
-	// Web client (jwt access token or api_hash)
-    if (message && (message.jwtToken || message.secret)) {
+
+    if (!message) { message = {}; }
+    console.log("AUTH TEST", message, env.settings.authenticationPromptOnLoad);
+    // Web client (jwt access token or api_hash)
+    var shouldTry = true;
+    if (env.settings.authenticationPromptOnLoad) {
+      if (!message.jwtToken || !message.secret) {
+        shouldTry = false;
+      }
+    }
+    if (message && shouldTry) {
       return ctx.authorization.resolve({ api_secret: message.secret, token: message.jwtToken, ip: getRemoteIP(socket.request) }, function resolveFinish (err, auth) {
+        console.log("AUTH FOR ALARMS", err, auth);
+        var perms = {
+        read: ctx.authorization.checkMultiple('api:*:read', auth.shiros)
+        , ack: ctx.authorization.checkMultiple('api:*:write', auth.shiros)
+        };
+        console.log("AUTH FOR ALARMS", err, auth, perms);
         if (err) {
           console.log(`${LOG_ERROR} Authorization failed for jwtToken:`, message.jwtToken);
 
@@ -102,13 +116,15 @@ function AlarmSocket (app, env, ctx) {
           }
           return err;
         } else {
-		  // Subscribe for acking alarms
-		  socket.on('ack', function onAck (level, group, silenceTime) {
-			ctx.notifications.ack(level, group, silenceTime, true);
-	        console.info(LOG + 'ack received ' + level + ' ' + group + ' ' + silenceTime);
-	      });
+          // Subscribe for acking alarms
+          if (perms.ack) {
+            socket.on('ack', function onAck (level, group, silenceTime) {
+              ctx.notifications.ack(level, group, silenceTime, true);
+              console.info(LOG + 'ack received ' + level + ' ' + group + ' ' + silenceTime);
+              });
+          }
 
-		  var okResponse = { success: true, message: 'Subscribed for alarms' }
+          var okResponse = { success: true, message: 'Subscribed for alarms', ...perms };
           if (shouldCallBack) {
             returnCallback(okResponse);
           }

diff --git a/lib/client/index.js b/lib/client/index.js
@@ -1146,15 +1146,28 @@ client.load = function load (serverSettings, callback) {
         }
 
         console.log('Subscribed for alarms', data);
-        if (client.settings.authenticationPromptOnLoad && !data.success) {
-          client.hashauth.requestAuthentication(function afterRequest () {
-            client.hashauth.updateSocketAuth();
-            if (callback) {
-              callback();
-            }
-          });
+        var shouldAuthenticationPromptOnLoad = client.settings.authenticationPromptOnLoad ;
+        console.log("shouldAuthenticationPromptOnLoad", shouldAuthenticationPromptOnLoad, !shouldAuthenticationPromptOnLoad && !data.success, data, data.read, hasRequiredPermission( ));
+        if (!data.success) {
+          console.log("SHOULD REQUEST AUTHENTICATION", callback);
+          if (!data.read || !hasRequiredPermission() || shouldAuthenticationPromptOnLoad) {
+            return client.hashauth.requestAuthentication(function afterRequest () {
+              console.log("SHOULD REQUEST AUTHENTICATION");
+              return client.hashauth.updateSocketAuth();
+              if (callback) {
+                callback();
+              }
+            });
+          }
+          if (callback) {
+            console.log("ISSUING CALLBACK NEW BRANCH");
+            callback();
+          }
         } else if (callback) {
-          callback();
+          console.log("HAS OTHER BRANCH", callback);
+          if (shouldAuthenticationPromptOnLoad) {
+            callback();
+          }
         }
       }
     );

diff --git a/lib/profile/profileeditor.js b/lib/profile/profileeditor.js
@@ -18,6 +18,7 @@ var init = function init () {
 
   client.init(function loaded () {
 
+  console.log("LOADING CLIENT INIT");
   if (c_profile !== null) {
       return; // already loaded so don't load again
   }
@@ -151,6 +152,7 @@ var init = function init () {
   }
 
   function initeditor() {
+    console.log("INITEDITOR", client.settings.extendedSettings.profile, client.settings.extendedSettings.profile?.history, client.settings.extendedSettings.profile && client.settings.extendedSettings.profile.history);
     $('#pe_history').toggle(client.settings.extendedSettings.profile && client.settings.extendedSettings.profile.history);
     $('#pe_multiple').toggle(client.settings.extendedSettings.profile && client.settings.extendedSettings.profile.multiple);