From 0369266d601fdb96e670b655f6235b7ca996b5d6 Mon Sep 17 00:00:00 2001
From: Ian Gulliver
Date: Thu, 1 May 2014 14:55:50 -0700
Subject: [PATCH] Remove the getUser API call and replace it with channel messages. Close channels when log in/out events occur for security.
---
 api.py | 30 +++++++++++++-----------------
 static/cosmopolite.js | 20 ++++++++++++++++----
 2 files changed, 29 insertions(+), 21 deletions(-)
diff --git a/api.py b/api.py
index 9b0f8e3..981f88d 100644
--- a/api.py
+++ b/api.py
@@ -26,20 +26,6 @@ from cosmopolite.lib import utils
 import config
 
 
-class GetUser(webapp2.RequestHandler):
- @utils.chaos_monkey
- @utils.returns_json
- @utils.local_namespace
- @security.google_user_xsrf_protection
- @security.weak_security_checks
- @session.session_required
- def post(self):
- ret = {}
- if self.verified_google_user:
- ret['google_user'] = self.verified_google_user.email()
- return ret
-
-
 class SetValue(webapp2.RequestHandler):
 @utils.chaos_monkey
 @utils.returns_json
@@ -89,15 +75,25 @@ class CreateChannel(webapp2.RequestHandler):
 token = channel.create_channel(
 client_id=str(self.client.key()),
 duration_minutes=config.CHANNEL_DURATION_SECONDS / 60)
+ messages = [x.ToMessage()
+ for x in self.client.parent().GetStateEntries()]
+ if self.verified_google_user:
+ messages.append({
+ 'message_type': 'login',
+ 'google_user': self.verified_google_user.email(),
+ })
+ else:
+ messages.append({
+ 'message_type': 'logout',
+ })
+
 return {
 'token': token,
- 'messages': [x.ToMessage()
- for x in self.client.parent().GetStateEntries()],
+ 'messages': messages,
 }
 
 
 app = webapp2.WSGIApplication([
 (config.URL_PREFIX + '/api/createChannel', CreateChannel),
- (config.URL_PREFIX + '/api/getUser', GetUser),
 (config.URL_PREFIX + '/api/setValue', SetValue),
 ])
diff --git a/static/cosmopolite.js b/static/cosmopolite.js
index 8a09bcf..3e286e2 100644
--- a/static/cosmopolite.js
+++ b/static/cosmopolite.js
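Review bot: The signed-in user's e-mail address now leaves the server through `CreateChannel.post` in the second api.py hunk, but the decorator stack on that method sits above the hunk, so it is not visible whether it carries the `@security.google_user_xsrf_protection`, `@security.weak_security_checks` and `@session.session_required` guards that the deleted `GetUser.post` had. `self.verified_google_user` is presumably set by one of those decorators; if it is missing here, the new branch would either fail on the attribute or always report `logout`, so this is worth confirming before merge. The new block would also benefit from a short comment, for example `# Every new channel starts with a login/logout message so the client learns its auth state without a separate getUser call.`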
@@ -42,7 +42,6 @@ cosmopolite.Client.prototype.onLoad_ = function() {
 }
 this.$ = jQuery.noConflict(true);
 this.registerMessageHandlers_();
- this.getUser_();
 this.createChannel_();
 };
 
@@ -50,16 +49,16 @@ cosmopolite.Client.prototype.onLoad_ = function() {
 cosmopolite.Client.prototype.onReceiveMessage_ = function(data) {
 switch (data) {
 case 'login_complete':
- this.getUser_();
+ this.socket.close();
 break;
 case 'logout_complete':
 localStorage.removeItem(this.namespace_ + ':client_id');
 localStorage.removeItem(this.namespace_ + ':google_user_id');
 this.$('#google_user').empty();
- this.getUser_();
+ this.socket.close();
 break;
 default:
- console.log('Unknown message type');
+ console.log('Unknown message type: ' + data);
 break;
 }
 };
@@ -217,6 +216,19 @@ cosmopolite.Client.prototype.onServerMessage_ = function(msg) {
 this.callbacks_['onStateChange'](key, this.stateCache_[key]);
 }
 break;
+ case 'login':
+ if ('onLogin' in this.callbacks_) {
+ this.callbacks_['onLogin'](
+ msg.google_user,
+ this.urlPrefix_ + '/auth/logout');
+ }
+ break;
+ case 'logout':
+ if ('onLogout' in this.callbacks_) {
+ this.callbacks_['onLogout'](
+ this.urlPrefix_ + '/auth/login');
+ }
+ break;
 default:
 // Client out of date? Force refresh?
 console.log('Unknown message type: ' + msg.message_type);
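Review bot: Both new `this.socket.close();` calls in `onReceiveMessage_` assume that a socket already exists and that closing it leads to a fresh `createChannel_()`; neither is visible in this hunk. If a `login_complete` or `logout_complete` message arrives before the channel has been opened, `this.socket` would be undefined and the handler throws, so a guard such as `if (this.socket) { this.socket.close(); }` is safer. Because the close is what separates the pre- and post-login sessions, a one-line comment stating that the socket's close handler re-creates the channel (if it does) would make the security intent checkable. The close is also client-side only; nothing shown here invalidates the old channel token on the server, which may deserve a follow-up.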
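Review bot: The new `onLogin` and `onLogout` callbacks in `onServerMessage_` are a public contract that is not documented in this hunk, and `msg.google_user` is handed to application code as-is. A comment above the `case 'login':` branch would help, e.g. `// onLogin(google_user, logout_url): google_user is the account e-mail sent by the server; insert it as text, not HTML.` and above `case 'logout':`, `// onLogout(login_url)`. `onServerMessage_` starts and ends outside this hunk.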