IMPORTANT: security/authorization changes, cache user privileges add

Author: nikitaeverywhere

%WebTerminal/Engine.cls.xml

@@ -3,9 +3,7 @@
 <Class name="%WebTerminal.Engine">
 <Description>
 This class represents the core of web terminal.
-All operations with opened WebSocket placed here.
-CLASS USES GLOBAL ^|"%SYS"|%WebTerminal.AuthKey for client
-authorization.</Description>
+All operations with opened WebSocket placed here.</Description>
 <Super>%CSP.WebSocket,%Library.Routine</Super>
 <TimeCreated>63047,60359.445979</TimeCreated>
 
@@ -83,6 +81,10 @@ Last joined client id</Description>
 <InitialExpression>$c(7)</InitialExpression>
 </Property>
 
+<Parameter name="ConstServerActionExecuteStack">
+<Expression>$c(8)</Expression>
+</Parameter>
+
 <Property name="ConstClientEnterClearIO">
 <Type>%Char</Type>
 <InitialExpression>$c(1)</InitialExpression>
@@ -128,6 +130,11 @@ Last joined client id</Description>
 <InitialExpression>$c(9)</InitialExpression>
 </Property>
 
+<Property name="ConstClientLoginInfo">
+<Type>%Char</Type>
+<InitialExpression>$c(10)</InitialExpression>
+</Property>
+
 <Property name="CurrentNamespace">
 <Type>%String</Type>
 </Property>
@@ -686,12 +693,14 @@ Ends clear I/O mode</Description>
 </Method>
 
 <Method name="ParseError">
+<Description>
+This method transforms error </Description>
 <ClassMethod>1</ClassMethod>
 <FormalSpec>string:%String</FormalSpec>
 <ReturnType>%String</ReturnType>
 <Implementation><![CDATA[
 	set string = $REPLACE($REPLACE(string, ">", "<"), ".Engine.", "<")
-	quit "An error occured: " _ $PIECE(string, "<", 2) _
+	quit "ERROR: " _ $PIECE(string, "<", 2) _
 		$EXTRACT($PIECE(string, "<", 4), 2, *)
 ]]></Implementation>
 </Method>
@@ -732,15 +741,38 @@ This method holds process and expects only one package from
 the client - it includes authorization key.</Description>
 <ReturnType>%Status</ReturnType>
 <Implementation><![CDATA[
-	set key = ..Read(,.status,..#authorizationTimeout) // wait for package
-	set realKey = ..GetAuthKey() // remember current auth key
-	do ..GenerateAuthKey() // generate new auth key
-	
-	if (key = realKey) {
-		quit $$$OK
-	}
+	set authKey = ..Read(,.status,..#authorizationTimeout) // wait for package
+	set ok = $$$NOTOK
+	
+	/*
+	 * Find given CSPSessionCookie in session list. If found, grant access
+	 */
+	SET key = $ORDER(^%cspSession(""))
+   	WHILE (key '= "") {
+	   	set lb = $GET(^%cspSession(key))
+    	if (lb '= "") {
+    		if ($LISTGET(lb, 8) = authKey) {
+	    		
+	    		// setup privileges
+	    		ZNSPACE $LISTGET(lb, 7) // namespace
+	    		
+	    		set user = $LISTGET($LISTGET(lb, 16), 1) // user
+	    		set loginStatus = ##class(%SYSTEM.Security).Login($LISTGET($LISTGET(lb, 16), 1))
+	    		if ($$$ISOK(loginStatus)) {
+					do ..SendData(user,..ConstClientLoginInfo)
+	    		} else {
+		    		do ..SendData("!",..ConstClientLoginInfo)
+	    		}
+	    		
+	    		set ok = loginStatus
+	    		BREAK
+	    		
+    		}
+    	}
+    	SET key = $ORDER(^%cspSession(key))
+ 	}
 	
-	quit $$$NOTOK
+	quit ok
 ]]></Implementation>
 </Method>
 
@@ -859,7 +891,7 @@ New connection established</Description>
 		do ..SendData("1", ..ConstClientAuthorizationStatus)
 		do ..SendData(..CurrentNamespace, ..ConstClientChangeNamespace)
 		   
-		use $io::("^" _ ..InitialZName)
+		use $io::("^" _ ..InitialZName) // switch to routine
 		do ..ClientLoop()
 		
 	} else {

csp/webTerminal/index.csp.xml

@@ -136,7 +136,7 @@
         </div>
         <script type="text/javascript" id="startup">
             try {
-                application.authorizationKey = "#(##Class(%WebTerminal.Engine).GetAuthKey())#";
+                application.authorizationKey = "#(%session.CSPSessionCookie)#";
                 application.initialize();
             } catch (e) {
                 alert("Unable to initialize terminal: check console output.");

csp/webTerminal/js/application.js.xml

@@ -6,7 +6,7 @@
  */
 var application = new function() {
 
-    var version = "0.9.9 beta"; // link to language.js
+    var version = "0.9.9.5 beta"; // link to language.js
     this.debug = false; // remove for release
     this.debugUrlPart = "172.27.25.133:57772"; // in-debug mode
 

csp/webTerminal/js/language.js.xml

@@ -29,7 +29,7 @@ var lang = new function() {
             0: parser.highlightHTML("/help"),
             1: parser.highlightHTML("/tip"),
             2: parser.highlightHTML("/connect"),
-            3: "0.9.9 beta",
+            3: "0.9.9.5 beta",
             4: 1,
             5: parser.highlightHTML("set test = 12"),
             6: parser.highlightHTML("write test"),
@@ -743,6 +743,14 @@ var lang = new function() {
         77: {
             en: "Caché WEB Terminal",
             ru: "WEB-терминал Caché"
+        },
+        78: {
+            en: "Logged as",
+            ru: "Вход выполнен для"
+        },
+        79: {
+            en: "Login failed.",
+            ru: "Вход не выполнен."
         }
     };
 

csp/webTerminal/js/terminal.js.xml

@@ -32,8 +32,9 @@
  *      7       ECHO (body)                                 Read char
  *      8                                                   Authorization status (body: 1/0)
  *      9                                                   Watch (body: name)
- *
- *  Clear I/O mode
+ *		10													LoginInfo (body: user logged in)
+ *  
+ *	Clear I/O mode
  *      In this mode terminal client will listen for data from server and output any data as it is, without any action
  *      identifiers. The same with terminal: any data sent to server won't include any identifiers.
  *
@@ -71,7 +72,8 @@ var terminal = new function() {
         READ_STRING: String.fromCharCode(6), // reads string - removes namespace like in common terminal
         READ_CHARACTER: String.fromCharCode(7), // reads character - removes namespace like in common terminal
         AUTHORIZATION_STATUS: String.fromCharCode(8), // alerts client about authorization success. Holds 1/0
-        WATCH: String.fromCharCode(9) // start watching
+        WATCH: String.fromCharCode(9), // start watching
+        LOGIN_INFO: String.fromCharCode(10)
     };
 
     /**
@@ -319,6 +321,13 @@ var terminal = new function() {
                 case terminal.clientActions.WATCH: {
                     terminal.watches.watch(data.trim());
                 } break;
+                case terminal.clientActions.LOGIN_INFO: {
+                    if (data.charAt(0) === "!") {
+	                    terminal.output.write(lang.get(79) + " " + data.substr(1));
+                    } else if (!settings.get_cleanStartup()) {
+	                    terminal.output.write(lang.get(78) + " " + data);
+                    }
+                } break;
                 default: {
                     log.write("Unrecognised action from server.");
                     terminal.output.write(data);