Author: johnh
Date: Tue Apr 7 21:56:42 2009
New Revision: 762984
URL: http://svn.apache.org/viewvc?rev=762984&view=rev
Log:
Fixing rpc.js authToken checking behavior introduced in r760649. Ensures that
authToken[...] members are all of type string, to ensure proper comparison with
tokens passed as URL params. Previous CL ignored type coercion comment. This
fix makes logic more explicit across the board.
Also, removes the duplicate process(rpc) method introduced in same.
Modified:
incubator/shindig/trunk/features/src/main/javascript/features/rpc/rpc.js
Modified:
incubator/shindig/trunk/features/src/main/javascript/features/rpc/rpc.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/src/main/javascript/features/rpc/rpc.js?rev=762984&r1=762983&r2=762984&view=diff
==============================================================================
--- incubator/shindig/trunk/features/src/main/javascript/features/rpc/rpc.js
(original)
+++ incubator/shindig/trunk/features/src/main/javascript/features/rpc/rpc.js
Tue Apr 7 21:56:42 2009
@@ -207,70 +207,11 @@
// Validate auth token.
if (authToken[rpc.f]) {
- // We allow type coercion here because all the url params are strings.
- if (authToken[rpc.f] != rpc.t) {
- throw new Error("Invalid auth token. " + rpc.f + " vs " + rpc.t);
- }
- }
-
- // If there is a callback for this service, attach a callback function
- // to the rpc context object for asynchronous rpc services.
- //
- // Synchronous rpc request handlers should simply ignore it and return a
- // value as usual.
- // Asynchronous rpc request handlers, on the other hand, should pass its
- // result to this callback function and not return a value on exit.
- //
- // For example, the following rpc handler passes the first parameter back
- // to its rpc client with a one-second delay.
- //
- // function asyncRpcHandler(param) {
- // var me = this;
- // setTimeout(function() {
- // me.callback(param);
- // }, 1000);
- // }
- if (rpc.c) {
- rpc.callback = function(result) {
- gadgets.rpc.call(rpc.f, CALLBACK_NAME, null, rpc.c, result);
- };
- }
-
- // Call the requested RPC service.
- var result = (services[rpc.s] ||
- services[DEFAULT_NAME]).apply(rpc, rpc.a);
-
- // If the rpc request handler returns a value, immediately pass it back
- // to the callback. Otherwise, do nothing, assuming that the rpc handler
- // will make an asynchronous call later.
- if (rpc.c && typeof result !== 'undefined') {
- gadgets.rpc.call(rpc.f, CALLBACK_NAME, null, rpc.c, result);
- }
- }
- }
-
- /**
- * Helper function to process an RPC request
- * @param {Object} rpc RPC request object
- * @private
- */
- function process(rpc) {
- //
- // RPC object contents:
- // s: Service Name
- // f: From
- // c: The callback ID or 0 if none.
- // a: The arguments for this RPC call.
- // t: The authentication token.
- //
- if (rpc && typeof rpc.s === 'string' && typeof rpc.f === 'string' &&
- rpc.a instanceof Array) {
-
- // Validate auth token.
- if (authToken[rpc.f]) {
- // We allow type coercion here because all the url params are strings.
+ // We don't do type coercion here because all entries in the authToken
+ // object are strings, as are all url params. See setAuthToken(...).
if (authToken[rpc.f] !== rpc.t) {
- throw new Error("Invalid auth token.");
+ throw new Error("Invalid auth token. " +
+ authToken[rpc.f] + " vs " + rpc.t);
}
}
@@ -966,7 +907,13 @@
* @member gadgets.rpc
*/
setAuthToken: function(targetId, token) {
- authToken[targetId] = token;
+ token = token || "";
+
+ // Coerce token to a String, ensuring that all authToken values
+ // are strings. This ensures correct comparison with URL params
+ // in the process(rpc) method.
+ authToken[targetId] = String(token);
+
setupFrame(targetId, token);
},
