alarmSocket: document and prep concept

This patch eliminates debugging logging in favor of commentary to capture how, where, and why alarmSocket feature is causing different pages to demand the authentication prompt in a variety of circumstances.
tynbendad · Oct 22, 2023 · d8fe025 · d8fe025
1 parent e0c35bc
commit d8fe025
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 9 deletions.
diff --git a/lib/api3/alarmSocket.js b/lib/api3/alarmSocket.js
@@ -92,22 +92,34 @@ function AlarmSocket (app, env, ctx) {
     }
 
     if (!message) { message = {}; }
-    console.log("AUTH TEST", message, env.settings.authenticationPromptOnLoad);
     // Web client (jwt access token or api_hash)
+    /*
+    * On the web: a client may have saved a secret or using a jwtToken, or may have none.
+    * Some pages will automatically prompt for authorization, when needed.
+    * To make the main homepage require authorization as well, set
+    * AUTHENTICATION_PROMPT_ON_LOAD=true.
+    *
+    * If there is missing authorization when authorization is required,
+    * rejecting the attempt in order to trigger a prompt on the client.
+    * If there is no authorization required, or there are available
+    * credentials, attempt to resolve the available permissions.
+    * When processing ACK messages that dismiss alarms, Authorization should be
+    * required.
+    */
     var shouldTry = true;
     if (env.settings.authenticationPromptOnLoad) {
-      if (!message.jwtToken || !message.secret) {
+      if (!message.jwtToken && !message.secret) {
         shouldTry = false;
       }
     }
+
     if (message && shouldTry) {
       return ctx.authorization.resolve({ api_secret: message.secret, token: message.jwtToken, ip: getRemoteIP(socket.request) }, function resolveFinish (err, auth) {
-        console.log("AUTH FOR ALARMS", err, auth);
+
         var perms = {
         read: ctx.authorization.checkMultiple('api:*:read', auth.shiros)
         , ack: ctx.authorization.checkMultiple('api:*:write', auth.shiros)
         };
-        console.log("AUTH FOR ALARMS", err, auth, perms);
         if (err) {
           console.log(`${LOG_ERROR} Authorization failed for jwtToken:`, message.jwtToken);
 

diff --git a/lib/client/index.js b/lib/client/index.js
@@ -1147,24 +1147,20 @@ client.load = function load (serverSettings, callback) {
 
         console.log('Subscribed for alarms', data);
         var shouldAuthenticationPromptOnLoad = client.settings.authenticationPromptOnLoad ;
-        console.log("shouldAuthenticationPromptOnLoad", shouldAuthenticationPromptOnLoad, !shouldAuthenticationPromptOnLoad && !data.success, data, data.read, hasRequiredPermission( ));
         if (!data.success) {
-          console.log("SHOULD REQUEST AUTHENTICATION", callback);
           if (!data.read || !hasRequiredPermission() || shouldAuthenticationPromptOnLoad) {
             return client.hashauth.requestAuthentication(function afterRequest () {
-              console.log("SHOULD REQUEST AUTHENTICATION");
               return client.hashauth.updateSocketAuth();
               if (callback) {
                 callback();
               }
             });
           }
           if (callback) {
-            console.log("ISSUING CALLBACK NEW BRANCH");
             callback();
           }
         } else if (callback) {
-          console.log("HAS OTHER BRANCH", callback);
+          // Callback is client.init, causing the prompt to appear.
           if (shouldAuthenticationPromptOnLoad) {
             callback();
           }