RUN-3269 fixed the isConnectionAuthenticated check to include multi r…

…untime RUN-3269 fixed the isConnectionAuthenticated check to include multi runtime Merge pull request #149 from rdepena/feature/RUN-3269_runtimeUuid_check
HadoukenIO · Aug 22, 2017 · 7a85ea6 · 7a85ea6
2 parents 571885a + 9df88f0
commit 7a85ea6
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/browser/api_protocol/api_handlers/authorization.js b/src/browser/api_protocol/api_handlers/authorization.js
@@ -215,15 +215,16 @@ module.exports.init = function() {
 
 const isConnectionAuthenticated = (msg, next) => {
     const { data, nack, identity, strategyName } = msg;
-    const { uuid } = identity;
+    const { runtimeUuid, uuid } = identity;
     const action = data && data.action;
+    const uuidToCheck = runtimeUuid || uuid; //determine if the msg came as a forwarded action from a peer runtime.
 
     // Prevent all API calls from unauthenticated external connections,
     // except for authentication APIs
     if (
         strategyName === 'WebSocketStrategy' && // external connection
         !authenticationApiMap.hasOwnProperty(action) && // not an authentication action
-        !ExternalApplication.getExternalConnectionByUuid(uuid) // connection not authenticated
+        !ExternalApplication.getExternalConnectionByUuid(uuidToCheck) // connection not authenticated
     ) {
         return nack(new Error('This connection must be authenticated first'));
     }