overleaf/services/web/app/src/Features/User/UserEmailsController.js

200 lines
5.5 KiB
JavaScript
Raw Normal View History

const AuthenticationController = require('../Authentication/AuthenticationController')
const UserGetter = require('./UserGetter')
const UserUpdater = require('./UserUpdater')
const EmailHandler = require('../Email/EmailHandler')
const EmailHelper = require('../Helpers/EmailHelper')
const UserAuditLogHandler = require('./UserAuditLogHandler')
const UserEmailsConfirmationHandler = require('./UserEmailsConfirmationHandler')
const { endorseAffiliation } = require('../Institutions/InstitutionsAPI')
const Errors = require('../Errors/Errors')
const HttpErrorHandler = require('../Errors/HttpErrorHandler')
const { expressify } = require('../../util/promises')
async function add(req, res, next) {
const userId = AuthenticationController.getLoggedInUserId(req)
const email = EmailHelper.parseEmail(req.body.email)
if (!email) {
return res.sendStatus(422)
}
const user = await UserGetter.promises.getUser(userId, { email: 1 })
const affiliationOptions = {
university: req.body.university,
role: req.body.role,
department: req.body.department
}
await UserAuditLogHandler.promises.addEntry(
user._id,
'add-email',
user._id,
req.ip,
{
newSecondaryEmail: email
}
)
try {
await UserUpdater.promises.addEmailAddress(
userId,
email,
affiliationOptions
)
} catch (error) {
return UserEmailsController._handleEmailError(error, req, res, next)
}
const emailOptions = {
to: user.email,
actionDescribed: `a secondary email address has been added to your account ${
user.email
}`,
message: [
`<span style="display:inline-block;padding: 0 20px;width:100%;">Added: <br/><b>${email}</b></span>`
],
action: 'secondary email address added'
}
await EmailHandler.promises.sendEmail('securityAlert', emailOptions)
await UserEmailsConfirmationHandler.promises.sendConfirmationEmail(
userId,
email
)
res.sendStatus(204)
}
function resendConfirmation(req, res, next) {
const userId = AuthenticationController.getLoggedInUserId(req)
const email = EmailHelper.parseEmail(req.body.email)
if (!email) {
return res.sendStatus(422)
}
UserGetter.getUserByAnyEmail(email, { _id: 1 }, function(error, user) {
if (error) {
return next(error)
}
if (!user || user._id.toString() !== userId) {
return res.sendStatus(422)
}
UserEmailsConfirmationHandler.sendConfirmationEmail(userId, email, function(
error
) {
if (error) {
return next(error)
}
res.sendStatus(200)
})
})
}
const UserEmailsController = {
list(req, res, next) {
const userId = AuthenticationController.getLoggedInUserId(req)
UserGetter.getUserFullEmails(userId, function(error, fullEmails) {
if (error) {
return next(error)
}
res.json(fullEmails)
})
},
add: expressify(add),
remove(req, res, next) {
const userId = AuthenticationController.getLoggedInUserId(req)
const email = EmailHelper.parseEmail(req.body.email)
if (!email) {
return res.sendStatus(422)
}
UserUpdater.removeEmailAddress(userId, email, function(error) {
if (error) {
return next(error)
}
res.sendStatus(200)
})
},
setDefault(req, res, next) {
const userId = AuthenticationController.getLoggedInUserId(req)
const email = EmailHelper.parseEmail(req.body.email)
if (!email) {
return res.sendStatus(422)
}
UserUpdater.setDefaultEmailAddress(userId, email, err => {
if (err) {
return UserEmailsController._handleEmailError(err, req, res, next)
}
AuthenticationController.setInSessionUser(req, { email: email })
res.sendStatus(200)
})
},
endorse(req, res, next) {
const userId = AuthenticationController.getLoggedInUserId(req)
const email = EmailHelper.parseEmail(req.body.email)
if (!email) {
return res.sendStatus(422)
}
endorseAffiliation(
userId,
email,
req.body.role,
req.body.department,
function(error) {
if (error) {
return next(error)
}
res.sendStatus(204)
}
)
},
resendConfirmation,
showConfirm(req, res, next) {
res.render('user/confirm_email', {
token: req.query.token,
title: 'confirm_email'
})
},
confirm(req, res, next) {
const { token } = req.body
if (!token) {
return res.status(422).json({
message: req.i18n.translate('confirmation_link_broken')
})
}
UserEmailsConfirmationHandler.confirmEmailFromToken(token, function(error) {
if (error) {
if (error instanceof Errors.NotFoundError) {
res.status(404).json({
message: req.i18n.translate('confirmation_token_invalid')
})
} else {
next(error)
}
} else {
res.sendStatus(200)
}
})
},
_handleEmailError(error, req, res, next) {
if (error instanceof Errors.UnconfirmedEmailError) {
return HttpErrorHandler.conflict(req, res, 'email must be confirmed')
} else if (error instanceof Errors.EmailExistsError) {
const message = req.i18n.translate('email_already_registered')
return HttpErrorHandler.conflict(req, res, message)
} else if (error.message === '422: Email does not belong to university') {
const message = req.i18n.translate('email_does_not_belong_to_university')
return HttpErrorHandler.conflict(req, res, message)
}
next(error)
}
}
module.exports = UserEmailsController