Open Zsailer opened 2 months ago
I noticed while investigating https://github.com/jupyterlab/jupyter-collaboration/issues/290 that an unauthenticated user can trigger the creation of a collaborative document, even though they are blocked from connecting to it after it is created.
I believe the issue is that authentication happens in the parent class's prepare(...) method in the YDocWebSocketHandler, which is called after the room is created.
I think we need to move this call earlier in this method, probably call it first before any other logic.
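The ordering problem reported above, as an added illustration that is not part of the original post and is not jupyter-collaboration's code. It uses plain asyncio with no Tornado dependency; every class name, the `rooms` registry and the room id are hypothetical stand-ins, and only the call order mirrors the report.

```python
import asyncio

class Unauthorized(Exception):
    """Stands in for the rejection a real handler would send."""

class AuthenticatedHandler:
    """Hypothetical parent class: prepare() is where authentication happens."""
    def __init__(self, user, room_id, rooms):
        self.user = user        # None models an unauthenticated request
        self.room_id = room_id  # constructed sample id
        self.rooms = rooms      # shared registry of created rooms

    async def prepare(self):
        if self.user is None:
            raise Unauthorized("authentication required")

class RoomFirstHandler(AuthenticatedHandler):
    """Order described in the issue: room created, then parent prepare()."""
    async def prepare(self):
        self.rooms.setdefault(self.room_id, {"created_by": self.user})
        await super().prepare()  # rejection comes too late: room exists

class AuthFirstHandler(AuthenticatedHandler):
    """Proposed order: parent prepare() runs before any other logic."""
    async def prepare(self):
        await super().prepare()  # unauthenticated requests stop here
        self.rooms.setdefault(self.room_id, {"created_by": self.user})

def attempt(handler_cls, user, room_id="room-1"):
    """Run one connection attempt; return (rejected, rooms left behind)."""
    rooms = {}
    handler = handler_cls(user, room_id, rooms)
    try:
        asyncio.run(handler.prepare())
        rejected = False
    except Unauthorized:
        rejected = True
    return rejected, sorted(rooms)

if __name__ == "__main__":
    for cls in (RoomFirstHandler, AuthFirstHandler):
        print(cls.__name__, "unauthenticated ->", attempt(cls, None))
```

Both variants reject the unauthenticated connection, so a regression test for this report has to assert on the room registry after the rejection, not only on the response the client receives.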