(core) have user.Name come from database for websocket users

Summary: The name of a user for actions made using a websocket until now could be inconsistent with that seen by other means. This draws the name from the database, rather than from session information that may have been cached from an identity provider.

Test Plan: added test

Reviewers: dsagal

Reviewed By: dsagal

Subscribers: dsagal

Differential Revision: https://phab.getgrist.com/D3379
This commit is contained in:
Paul Fitzpatrick 2022-04-13 16:22:35 -04:00
parent dea1a8ba1b
commit c1af5a9803
2 changed files with 19 additions and 7 deletions

View File

@ -85,6 +85,7 @@ function Comm(server, options) {
this._settings = options.settings; this._settings = options.settings;
this._hosts = options.hosts; this._hosts = options.hosts;
this._dbManager = options.dbManager;
// This maps method names to their implementation. // This maps method names to their implementation.
this.methods = {}; this.methods = {};
@ -155,13 +156,23 @@ Comm.prototype._broadcastMessage = function(type, data, clients) {
/** /**
* Returns a profile based on the request or session. * Returns a profile based on the request or session.
*/ */
Comm.prototype._getSessionProfile = function(scopedSession, req) { Comm.prototype._getSessionProfile = async function(scopedSession, req) {
const profile = getRequestProfile(req); const profile = getRequestProfile(req) || await scopedSession.getSessionProfile();
if (profile) { if (this._dbManager && profile?.email) {
return Promise.resolve(profile); try {
} else { // Use latest user name in database, since user name is now exposed via
return scopedSession.getSessionProfile(); // user.Name in granular access support.
// TODO: might want to subscribe to changes to user information while
// the document is open.
const user = await this._dbManager.getUserByLogin(profile.email, {profile});
profile.name = user.name;
} catch (e) {
// Not an expected problem, log it and fail brutally.
log.debug(`Comm: failed to look up user in database ${profile.email}`);
throw e;
}
} }
return profile;
}; };

View File

@ -819,12 +819,13 @@ export class FlexServer implements GristServer {
} }
public addComm() { public addComm() {
if (this._check('comm', 'start')) { return; } if (this._check('comm', 'start', 'homedb')) { return; }
this._comm = new Comm(this.server, { this._comm = new Comm(this.server, {
settings: this.settings, settings: this.settings,
sessions: this._sessions, sessions: this._sessions,
hosts: this._hosts, hosts: this._hosts,
httpsServer: this.httpsServer, httpsServer: this.httpsServer,
dbManager: this._dbManager,
}); });
} }
/** /**