2019-05-29 05:21:06 -04:00
|
|
|
const UserHandler = require('./UserHandler')
|
|
|
|
const UserDeleter = require('./UserDeleter')
|
|
|
|
const UserGetter = require('./UserGetter')
|
|
|
|
const { User } = require('../../models/User')
|
2019-08-28 08:59:41 -04:00
|
|
|
const NewsletterManager = require('../Newsletter/NewsletterManager')
|
2021-11-10 08:40:18 -05:00
|
|
|
const logger = require('@overleaf/logger')
|
2020-10-30 04:10:50 -04:00
|
|
|
const metrics = require('@overleaf/metrics')
|
2019-05-29 05:21:06 -04:00
|
|
|
const AuthenticationManager = require('../Authentication/AuthenticationManager')
|
2021-07-28 04:51:20 -04:00
|
|
|
const SessionManager = require('../Authentication/SessionManager')
|
2020-03-02 07:32:12 -05:00
|
|
|
const Features = require('../../infrastructure/Features')
|
2020-07-27 10:33:57 -04:00
|
|
|
const UserAuditLogHandler = require('./UserAuditLogHandler')
|
2019-05-29 05:21:06 -04:00
|
|
|
const UserSessionsManager = require('./UserSessionsManager')
|
|
|
|
const UserUpdater = require('./UserUpdater')
|
|
|
|
const Errors = require('../Errors/Errors')
|
2020-07-16 02:47:46 -04:00
|
|
|
const HttpErrorHandler = require('../Errors/HttpErrorHandler')
|
2019-07-19 05:40:23 -04:00
|
|
|
const OError = require('@overleaf/o-error')
|
2019-06-14 12:31:46 -04:00
|
|
|
const EmailHandler = require('../Email/EmailHandler')
|
2019-09-25 10:29:10 -04:00
|
|
|
const UrlHelper = require('../Helpers/UrlHelper')
|
2020-02-20 11:08:18 -05:00
|
|
|
const { promisify } = require('util')
|
2020-07-27 10:33:57 -04:00
|
|
|
const { expressify } = require('../../util/promises')
|
2021-09-16 04:14:24 -04:00
|
|
|
const {
|
|
|
|
acceptsJson,
|
|
|
|
} = require('../../infrastructure/RequestContentTypeDetection')
|
2022-09-22 04:52:03 -04:00
|
|
|
const Modules = require('../../infrastructure/Modules')
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2020-09-29 10:05:12 -04:00
|
|
|
async function _sendSecurityAlertClearedSessions(user) {
|
|
|
|
const emailOptions = {
|
|
|
|
to: user.email,
|
2020-12-15 05:23:54 -05:00
|
|
|
actionDescribed: `active sessions were cleared on your account ${user.email}`,
|
2021-04-27 03:52:58 -04:00
|
|
|
action: 'active sessions cleared',
|
2020-09-29 10:05:12 -04:00
|
|
|
}
|
|
|
|
try {
|
|
|
|
await EmailHandler.promises.sendEmail('securityAlert', emailOptions)
|
|
|
|
} catch (error) {
|
|
|
|
// log error when sending security alert email but do not pass back
|
|
|
|
logger.error(
|
|
|
|
{ error, userId: user._id },
|
|
|
|
'could not send security alert email when sessions cleared'
|
|
|
|
)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
function _sendSecurityAlertPasswordChanged(user) {
|
|
|
|
const emailOptions = {
|
|
|
|
to: user.email,
|
2020-12-15 05:23:54 -05:00
|
|
|
actionDescribed: `your password has been changed on your account ${user.email}`,
|
2021-04-27 03:52:58 -04:00
|
|
|
action: 'password changed',
|
2020-09-29 10:05:12 -04:00
|
|
|
}
|
|
|
|
EmailHandler.sendEmail('securityAlert', emailOptions, error => {
|
|
|
|
if (error) {
|
|
|
|
// log error when sending security alert email but do not pass back
|
|
|
|
logger.error(
|
|
|
|
{ error, userId: user._id },
|
|
|
|
'could not send security alert email when password changed'
|
|
|
|
)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2020-03-11 09:21:44 -04:00
|
|
|
async function _ensureAffiliation(userId, emailData) {
|
2020-03-02 07:32:12 -05:00
|
|
|
if (emailData.samlProviderId) {
|
|
|
|
await UserUpdater.promises.confirmEmail(userId, emailData.email)
|
|
|
|
} else {
|
|
|
|
await UserUpdater.promises.addAffiliationForNewUser(userId, emailData.email)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-08-10 09:57:39 -04:00
|
|
|
async function changePassword(req, res, next) {
|
|
|
|
metrics.inc('user.password-change')
|
2021-07-28 04:51:20 -04:00
|
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
2020-08-10 09:57:39 -04:00
|
|
|
|
|
|
|
const user = await AuthenticationManager.promises.authenticate(
|
|
|
|
{ _id: userId },
|
|
|
|
req.body.currentPassword
|
|
|
|
)
|
|
|
|
if (!user) {
|
2022-04-25 07:05:15 -04:00
|
|
|
return HttpErrorHandler.badRequest(
|
|
|
|
req,
|
|
|
|
res,
|
|
|
|
req.i18n.translate('password_change_old_password_wrong')
|
|
|
|
)
|
2020-08-10 09:57:39 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
if (req.body.newPassword1 !== req.body.newPassword2) {
|
|
|
|
return HttpErrorHandler.badRequest(
|
|
|
|
req,
|
|
|
|
res,
|
|
|
|
req.i18n.translate('password_change_passwords_do_not_match')
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2020-10-22 04:11:43 -04:00
|
|
|
try {
|
|
|
|
await AuthenticationManager.promises.setUserPassword(
|
|
|
|
user,
|
|
|
|
req.body.newPassword1
|
|
|
|
)
|
|
|
|
} catch (error) {
|
|
|
|
if (error.name === 'InvalidPasswordError') {
|
2023-04-11 09:16:51 -04:00
|
|
|
const message = AuthenticationManager.getMessageForInvalidPasswordError(
|
|
|
|
error,
|
|
|
|
req
|
|
|
|
)
|
|
|
|
return res.status(400).json({ message })
|
2022-09-27 07:24:17 -04:00
|
|
|
} else if (error.name === 'PasswordMustBeDifferentError') {
|
|
|
|
return HttpErrorHandler.badRequest(
|
|
|
|
req,
|
|
|
|
res,
|
|
|
|
req.i18n.translate('password_change_password_must_be_different')
|
|
|
|
)
|
2022-12-06 05:22:20 -05:00
|
|
|
} else if (error.name === 'PasswordReusedError') {
|
|
|
|
return res.status(400).json({
|
|
|
|
message: {
|
|
|
|
key: 'password-must-be-strong',
|
|
|
|
},
|
|
|
|
})
|
2020-10-22 04:11:43 -04:00
|
|
|
} else {
|
|
|
|
throw error
|
|
|
|
}
|
|
|
|
}
|
2020-08-10 09:57:39 -04:00
|
|
|
await UserAuditLogHandler.promises.addEntry(
|
|
|
|
user._id,
|
|
|
|
'update-password',
|
|
|
|
user._id,
|
|
|
|
req.ip
|
|
|
|
)
|
|
|
|
|
2020-09-29 10:05:12 -04:00
|
|
|
// no need to wait, errors are logged and not passed back
|
|
|
|
_sendSecurityAlertPasswordChanged(user)
|
2020-08-10 09:57:39 -04:00
|
|
|
|
|
|
|
await UserSessionsManager.promises.revokeAllUserSessions(user, [
|
2021-04-27 03:52:58 -04:00
|
|
|
req.sessionID,
|
2020-08-10 09:57:39 -04:00
|
|
|
])
|
|
|
|
|
|
|
|
return res.json({
|
|
|
|
message: {
|
|
|
|
type: 'success',
|
|
|
|
email: user.email,
|
2021-04-27 03:52:58 -04:00
|
|
|
text: req.i18n.translate('password_change_successful'),
|
|
|
|
},
|
2020-08-10 09:57:39 -04:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2020-07-27 10:33:57 -04:00
|
|
|
async function clearSessions(req, res, next) {
|
|
|
|
metrics.inc('user.clear-sessions')
|
2021-07-28 04:51:20 -04:00
|
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
2020-09-29 10:05:12 -04:00
|
|
|
const user = await UserGetter.promises.getUser(userId, { email: 1 })
|
2020-07-27 10:33:57 -04:00
|
|
|
const sessions = await UserSessionsManager.promises.getAllUserSessions(user, [
|
2021-04-27 03:52:58 -04:00
|
|
|
req.sessionID,
|
2020-07-27 10:33:57 -04:00
|
|
|
])
|
|
|
|
await UserAuditLogHandler.promises.addEntry(
|
|
|
|
user._id,
|
|
|
|
'clear-sessions',
|
|
|
|
user._id,
|
|
|
|
req.ip,
|
2021-10-20 15:03:18 -04:00
|
|
|
{ sessions }
|
2020-07-27 10:33:57 -04:00
|
|
|
)
|
|
|
|
await UserSessionsManager.promises.revokeAllUserSessions(user, [
|
2021-04-27 03:52:58 -04:00
|
|
|
req.sessionID,
|
2020-07-27 10:33:57 -04:00
|
|
|
])
|
2020-07-30 09:51:28 -04:00
|
|
|
|
2020-09-29 10:05:12 -04:00
|
|
|
await _sendSecurityAlertClearedSessions(user)
|
2020-07-30 09:51:28 -04:00
|
|
|
|
2020-07-27 10:33:57 -04:00
|
|
|
res.sendStatus(201)
|
|
|
|
}
|
|
|
|
|
2020-03-11 09:21:44 -04:00
|
|
|
async function ensureAffiliation(user) {
|
2020-03-02 07:32:12 -05:00
|
|
|
if (!Features.hasFeature('affiliations')) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
const flaggedEmails = user.emails.filter(email => email.affiliationUnchecked)
|
|
|
|
if (flaggedEmails.length === 0) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if (flaggedEmails.length > 1) {
|
|
|
|
logger.error(
|
2020-03-11 09:21:44 -04:00
|
|
|
{ userId: user._id },
|
2020-03-02 07:32:12 -05:00
|
|
|
`Unexpected number of flagged emails: ${flaggedEmails.length}`
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2020-03-11 09:21:44 -04:00
|
|
|
await _ensureAffiliation(user._id, flaggedEmails[0])
|
2020-03-02 07:32:12 -05:00
|
|
|
}
|
|
|
|
|
2020-03-11 09:21:44 -04:00
|
|
|
async function ensureAffiliationMiddleware(req, res, next) {
|
|
|
|
let user
|
|
|
|
if (!Features.hasFeature('affiliations') || !req.query.ensureAffiliation) {
|
2020-03-02 07:32:12 -05:00
|
|
|
return next()
|
|
|
|
}
|
2021-07-28 04:51:20 -04:00
|
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
2020-03-02 07:32:12 -05:00
|
|
|
try {
|
2020-03-11 09:21:44 -04:00
|
|
|
user = await UserGetter.promises.getUser(userId)
|
|
|
|
} catch (error) {
|
|
|
|
return new Errors.UserNotFoundError({ info: { userId } })
|
|
|
|
}
|
2023-07-10 04:40:45 -04:00
|
|
|
// if the user does not have permission to add an affiliation, we skip this middleware
|
|
|
|
try {
|
|
|
|
req.assertPermission('add-affiliation')
|
|
|
|
} catch (error) {
|
|
|
|
if (error instanceof Errors.ForbiddenError) {
|
|
|
|
return next()
|
|
|
|
}
|
|
|
|
}
|
2020-03-11 09:21:44 -04:00
|
|
|
try {
|
|
|
|
await ensureAffiliation(user)
|
2020-03-02 07:32:12 -05:00
|
|
|
} catch (error) {
|
|
|
|
return next(error)
|
|
|
|
}
|
|
|
|
return next()
|
|
|
|
}
|
|
|
|
|
2019-08-28 08:59:41 -04:00
|
|
|
const UserController = {
|
2020-07-27 10:33:57 -04:00
|
|
|
clearSessions: expressify(clearSessions),
|
|
|
|
|
2019-05-29 05:21:06 -04:00
|
|
|
tryDeleteUser(req, res, next) {
|
2021-07-28 04:51:20 -04:00
|
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
2019-05-29 05:21:06 -04:00
|
|
|
const { password } = req.body
|
2019-11-19 09:19:08 -05:00
|
|
|
|
2019-05-29 05:21:06 -04:00
|
|
|
if (password == null || password === '') {
|
|
|
|
logger.err(
|
2019-08-28 08:59:41 -04:00
|
|
|
{ userId },
|
2019-05-29 05:21:06 -04:00
|
|
|
'no password supplied for attempt to delete account'
|
|
|
|
)
|
|
|
|
return res.sendStatus(403)
|
|
|
|
}
|
2019-08-28 08:59:41 -04:00
|
|
|
AuthenticationManager.authenticate(
|
|
|
|
{ _id: userId },
|
|
|
|
password,
|
|
|
|
(err, user) => {
|
|
|
|
if (err != null) {
|
2020-08-19 05:11:32 -04:00
|
|
|
OError.tag(
|
|
|
|
err,
|
|
|
|
'error authenticating during attempt to delete account',
|
|
|
|
{
|
2021-04-27 03:52:58 -04:00
|
|
|
userId,
|
2020-08-19 05:11:32 -04:00
|
|
|
}
|
2019-08-28 08:59:41 -04:00
|
|
|
)
|
|
|
|
return next(err)
|
|
|
|
}
|
|
|
|
if (!user) {
|
|
|
|
logger.err({ userId }, 'auth failed during attempt to delete account')
|
|
|
|
return res.sendStatus(403)
|
|
|
|
}
|
|
|
|
UserDeleter.deleteUser(
|
|
|
|
userId,
|
|
|
|
{ deleterUser: user, ipAddress: req.ip },
|
|
|
|
err => {
|
|
|
|
if (err) {
|
2021-05-05 09:05:04 -04:00
|
|
|
const errorData = {
|
2019-08-28 08:59:41 -04:00
|
|
|
message: 'error while deleting user account',
|
2021-04-27 03:52:58 -04:00
|
|
|
info: { userId },
|
2019-07-19 05:40:23 -04:00
|
|
|
}
|
2019-08-28 08:59:41 -04:00
|
|
|
if (err instanceof Errors.SubscriptionAdminDeletionError) {
|
|
|
|
// set info.public.error for JSON response so frontend can display
|
|
|
|
// a specific message
|
|
|
|
errorData.info.public = {
|
2021-04-27 03:52:58 -04:00
|
|
|
error: 'SubscriptionAdminDeletionError',
|
2019-08-28 08:59:41 -04:00
|
|
|
}
|
2020-08-11 05:28:29 -04:00
|
|
|
logger.warn(OError.tag(err, errorData.message, errorData.info))
|
2020-07-16 02:47:46 -04:00
|
|
|
return HttpErrorHandler.unprocessableEntity(
|
|
|
|
req,
|
|
|
|
res,
|
|
|
|
errorData.message,
|
|
|
|
errorData.info.public
|
2019-07-19 05:40:23 -04:00
|
|
|
)
|
2019-08-28 08:59:41 -04:00
|
|
|
} else {
|
2020-08-11 05:28:29 -04:00
|
|
|
return next(OError.tag(err, errorData.message, errorData.info))
|
2019-08-28 08:59:41 -04:00
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2019-08-28 08:59:41 -04:00
|
|
|
const sessionId = req.sessionID
|
|
|
|
if (typeof req.logout === 'function') {
|
|
|
|
req.logout()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2019-08-28 08:59:41 -04:00
|
|
|
req.session.destroy(err => {
|
|
|
|
if (err != null) {
|
2020-08-19 05:11:32 -04:00
|
|
|
OError.tag(err, 'error destroying session')
|
2019-08-28 08:59:41 -04:00
|
|
|
return next(err)
|
|
|
|
}
|
2021-10-27 05:49:18 -04:00
|
|
|
UserSessionsManager.untrackSession(user, sessionId, () => {})
|
2019-08-28 08:59:41 -04:00
|
|
|
res.sendStatus(200)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
)
|
|
|
|
}
|
|
|
|
)
|
2019-05-29 05:21:06 -04:00
|
|
|
},
|
|
|
|
|
2022-04-27 04:42:39 -04:00
|
|
|
subscribe(req, res, next) {
|
|
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
2023-09-07 07:53:40 -04:00
|
|
|
UserGetter.getUser(
|
|
|
|
userId,
|
|
|
|
{ _id: 1, email: 1, first_name: 1, last_name: 1 },
|
|
|
|
(err, user) => {
|
2022-04-27 04:42:39 -04:00
|
|
|
if (err != null) {
|
|
|
|
return next(err)
|
|
|
|
}
|
2023-09-07 07:53:40 -04:00
|
|
|
NewsletterManager.subscribe(user, err => {
|
|
|
|
if (err != null) {
|
|
|
|
OError.tag(err, 'error subscribing to newsletter')
|
|
|
|
return next(err)
|
|
|
|
}
|
|
|
|
return res.json({
|
|
|
|
message: req.i18n.translate('thanks_settings_updated'),
|
|
|
|
})
|
2022-04-27 04:42:39 -04:00
|
|
|
})
|
2023-09-07 07:53:40 -04:00
|
|
|
}
|
|
|
|
)
|
2022-04-27 04:42:39 -04:00
|
|
|
},
|
|
|
|
|
2019-08-28 08:59:41 -04:00
|
|
|
unsubscribe(req, res, next) {
|
2021-07-28 04:51:20 -04:00
|
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
2023-09-07 07:53:40 -04:00
|
|
|
UserGetter.getUser(
|
|
|
|
userId,
|
|
|
|
{ _id: 1, email: 1, first_name: 1, last_name: 1 },
|
|
|
|
(err, user) => {
|
2019-08-28 08:59:41 -04:00
|
|
|
if (err != null) {
|
2022-04-27 04:42:39 -04:00
|
|
|
return next(err)
|
2019-08-28 08:59:41 -04:00
|
|
|
}
|
2023-09-07 07:53:40 -04:00
|
|
|
NewsletterManager.unsubscribe(user, err => {
|
|
|
|
if (err != null) {
|
|
|
|
OError.tag(err, 'error unsubscribing to newsletter')
|
2022-09-21 06:02:37 -04:00
|
|
|
return next(err)
|
|
|
|
}
|
2023-09-07 07:53:40 -04:00
|
|
|
Modules.hooks.fire('newsletterUnsubscribed', user, err => {
|
|
|
|
if (err) {
|
|
|
|
OError.tag(err, 'error firing "newsletterUnsubscribed" hook')
|
|
|
|
return next(err)
|
|
|
|
}
|
|
|
|
return res.json({
|
|
|
|
message: req.i18n.translate('thanks_settings_updated'),
|
|
|
|
})
|
2022-09-21 06:02:37 -04:00
|
|
|
})
|
2022-04-27 04:42:39 -04:00
|
|
|
})
|
2023-09-07 07:53:40 -04:00
|
|
|
}
|
|
|
|
)
|
2019-05-29 05:21:06 -04:00
|
|
|
},
|
|
|
|
|
2019-07-31 04:22:31 -04:00
|
|
|
updateUserSettings(req, res, next) {
|
2021-07-28 04:51:20 -04:00
|
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
2019-08-28 08:59:41 -04:00
|
|
|
User.findById(userId, (err, user) => {
|
2019-05-29 05:21:06 -04:00
|
|
|
if (err != null || user == null) {
|
2019-08-28 08:59:41 -04:00
|
|
|
logger.err({ err, userId }, 'problem updaing user settings')
|
2019-05-29 05:21:06 -04:00
|
|
|
return res.sendStatus(500)
|
|
|
|
}
|
|
|
|
|
|
|
|
if (req.body.first_name != null) {
|
|
|
|
user.first_name = req.body.first_name.trim()
|
|
|
|
}
|
|
|
|
if (req.body.last_name != null) {
|
|
|
|
user.last_name = req.body.last_name.trim()
|
|
|
|
}
|
|
|
|
if (req.body.role != null) {
|
|
|
|
user.role = req.body.role.trim()
|
|
|
|
}
|
|
|
|
if (req.body.institution != null) {
|
|
|
|
user.institution = req.body.institution.trim()
|
|
|
|
}
|
|
|
|
if (req.body.mode != null) {
|
|
|
|
user.ace.mode = req.body.mode
|
|
|
|
}
|
|
|
|
if (req.body.editorTheme != null) {
|
|
|
|
user.ace.theme = req.body.editorTheme
|
|
|
|
}
|
|
|
|
if (req.body.overallTheme != null) {
|
|
|
|
user.ace.overallTheme = req.body.overallTheme
|
|
|
|
}
|
|
|
|
if (req.body.fontSize != null) {
|
|
|
|
user.ace.fontSize = req.body.fontSize
|
|
|
|
}
|
|
|
|
if (req.body.autoComplete != null) {
|
|
|
|
user.ace.autoComplete = req.body.autoComplete
|
|
|
|
}
|
|
|
|
if (req.body.autoPairDelimiters != null) {
|
|
|
|
user.ace.autoPairDelimiters = req.body.autoPairDelimiters
|
|
|
|
}
|
|
|
|
if (req.body.spellCheckLanguage != null) {
|
|
|
|
user.ace.spellCheckLanguage = req.body.spellCheckLanguage
|
|
|
|
}
|
|
|
|
if (req.body.pdfViewer != null) {
|
|
|
|
user.ace.pdfViewer = req.body.pdfViewer
|
|
|
|
}
|
|
|
|
if (req.body.syntaxValidation != null) {
|
|
|
|
user.ace.syntaxValidation = req.body.syntaxValidation
|
|
|
|
}
|
|
|
|
if (req.body.fontFamily != null) {
|
|
|
|
user.ace.fontFamily = req.body.fontFamily
|
|
|
|
}
|
|
|
|
if (req.body.lineHeight != null) {
|
|
|
|
user.ace.lineHeight = req.body.lineHeight
|
|
|
|
}
|
|
|
|
|
2019-08-28 08:59:41 -04:00
|
|
|
user.save(err => {
|
|
|
|
if (err != null) {
|
|
|
|
return next(err)
|
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
const newEmail =
|
|
|
|
req.body.email != null
|
|
|
|
? req.body.email.trim().toLowerCase()
|
|
|
|
: undefined
|
|
|
|
if (
|
|
|
|
newEmail == null ||
|
|
|
|
newEmail === user.email ||
|
|
|
|
req.externalAuthenticationSystemUsed()
|
|
|
|
) {
|
|
|
|
// end here, don't update email
|
2021-07-28 04:51:20 -04:00
|
|
|
SessionManager.setInSessionUser(req.session, {
|
2019-05-29 05:21:06 -04:00
|
|
|
first_name: user.first_name,
|
2021-04-27 03:52:58 -04:00
|
|
|
last_name: user.last_name,
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
2019-08-28 08:59:41 -04:00
|
|
|
res.sendStatus(200)
|
2019-05-29 05:21:06 -04:00
|
|
|
} else if (newEmail.indexOf('@') === -1) {
|
|
|
|
// email invalid
|
2019-08-28 08:59:41 -04:00
|
|
|
res.sendStatus(400)
|
2019-05-29 05:21:06 -04:00
|
|
|
} else {
|
|
|
|
// update the user email
|
2020-08-12 10:19:33 -04:00
|
|
|
const auditLog = {
|
|
|
|
initiatorId: userId,
|
2021-04-27 03:52:58 -04:00
|
|
|
ipAddress: req.ip,
|
2020-08-12 10:19:33 -04:00
|
|
|
}
|
|
|
|
UserUpdater.changeEmailAddress(userId, newEmail, auditLog, err => {
|
2019-07-31 04:22:31 -04:00
|
|
|
if (err) {
|
2019-05-29 05:21:06 -04:00
|
|
|
if (err instanceof Errors.EmailExistsError) {
|
2020-07-20 09:21:28 -04:00
|
|
|
const translation = req.i18n.translate(
|
2019-07-31 04:22:31 -04:00
|
|
|
'email_already_registered'
|
|
|
|
)
|
2020-07-20 09:21:28 -04:00
|
|
|
return HttpErrorHandler.conflict(req, res, translation)
|
2019-05-29 05:21:06 -04:00
|
|
|
} else {
|
2020-07-22 10:08:06 -04:00
|
|
|
return HttpErrorHandler.legacyInternal(
|
|
|
|
req,
|
|
|
|
res,
|
|
|
|
req.i18n.translate('problem_changing_email_address'),
|
2020-08-11 05:28:29 -04:00
|
|
|
OError.tag(err, 'problem_changing_email_address', {
|
|
|
|
userId,
|
2021-04-27 03:52:58 -04:00
|
|
|
newEmail,
|
2020-08-11 05:28:29 -04:00
|
|
|
})
|
2019-07-31 04:22:31 -04:00
|
|
|
)
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
}
|
2019-08-28 08:59:41 -04:00
|
|
|
User.findById(userId, (err, user) => {
|
2019-05-29 05:21:06 -04:00
|
|
|
if (err != null) {
|
|
|
|
logger.err(
|
2019-08-28 08:59:41 -04:00
|
|
|
{ err, userId },
|
2019-05-29 05:21:06 -04:00
|
|
|
'error getting user for email update'
|
|
|
|
)
|
2020-05-06 06:02:16 -04:00
|
|
|
return res.sendStatus(500)
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2021-07-28 04:51:20 -04:00
|
|
|
SessionManager.setInSessionUser(req.session, {
|
2019-05-29 05:21:06 -04:00
|
|
|
email: user.email,
|
|
|
|
first_name: user.first_name,
|
2021-04-27 03:52:58 -04:00
|
|
|
last_name: user.last_name,
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
2019-08-28 08:59:41 -04:00
|
|
|
UserHandler.populateTeamInvites(user, err => {
|
2019-05-29 05:21:06 -04:00
|
|
|
// need to refresh this in the background
|
|
|
|
if (err != null) {
|
|
|
|
logger.err({ err }, 'error populateTeamInvites')
|
|
|
|
}
|
2019-08-28 08:59:41 -04:00
|
|
|
res.sendStatus(200)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
})
|
|
|
|
})
|
|
|
|
}
|
|
|
|
})
|
|
|
|
})
|
|
|
|
},
|
|
|
|
|
2020-02-20 11:08:18 -05:00
|
|
|
doLogout(req, cb) {
|
2019-05-29 05:21:06 -04:00
|
|
|
metrics.inc('user.logout')
|
2021-07-28 04:51:20 -04:00
|
|
|
const user = SessionManager.getSessionUser(req.session)
|
2022-05-16 08:38:18 -04:00
|
|
|
logger.debug({ user }, 'logging out')
|
2019-05-29 05:21:06 -04:00
|
|
|
const sessionId = req.sessionID
|
|
|
|
if (typeof req.logout === 'function') {
|
|
|
|
req.logout()
|
|
|
|
} // passport logout
|
2019-08-28 08:59:41 -04:00
|
|
|
req.session.destroy(err => {
|
2019-05-29 05:21:06 -04:00
|
|
|
if (err) {
|
2020-08-19 05:11:32 -04:00
|
|
|
OError.tag(err, 'error destroying session')
|
2019-08-28 08:59:41 -04:00
|
|
|
return cb(err)
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
if (user != null) {
|
2021-10-27 05:49:18 -04:00
|
|
|
UserSessionsManager.untrackSession(user, sessionId, () => {})
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2019-08-28 08:59:41 -04:00
|
|
|
cb()
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
},
|
|
|
|
|
|
|
|
logout(req, res, next) {
|
2019-09-25 10:29:10 -04:00
|
|
|
const requestedRedirect = req.body.redirect
|
|
|
|
? UrlHelper.getSafeRedirectPath(req.body.redirect)
|
|
|
|
: undefined
|
|
|
|
const redirectUrl = requestedRedirect || '/login'
|
|
|
|
|
2020-02-20 11:08:18 -05:00
|
|
|
UserController.doLogout(req, err => {
|
2019-05-29 05:21:06 -04:00
|
|
|
if (err != null) {
|
|
|
|
return next(err)
|
|
|
|
}
|
2021-09-16 04:14:24 -04:00
|
|
|
if (acceptsJson(req)) {
|
|
|
|
res.status(200).json({ redir: redirectUrl })
|
|
|
|
} else {
|
|
|
|
res.redirect(redirectUrl)
|
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
},
|
|
|
|
|
2019-07-18 10:18:56 -04:00
|
|
|
expireDeletedUser(req, res, next) {
|
|
|
|
const userId = req.params.userId
|
|
|
|
UserDeleter.expireDeletedUser(userId, error => {
|
|
|
|
if (error) {
|
|
|
|
return next(error)
|
|
|
|
}
|
|
|
|
|
|
|
|
res.sendStatus(204)
|
|
|
|
})
|
|
|
|
},
|
|
|
|
|
|
|
|
expireDeletedUsersAfterDuration(req, res, next) {
|
|
|
|
UserDeleter.expireDeletedUsersAfterDuration(error => {
|
|
|
|
if (error) {
|
|
|
|
return next(error)
|
|
|
|
}
|
|
|
|
|
|
|
|
res.sendStatus(204)
|
|
|
|
})
|
|
|
|
},
|
|
|
|
|
2021-04-27 03:52:58 -04:00
|
|
|
changePassword: expressify(changePassword),
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2019-08-28 08:59:41 -04:00
|
|
|
|
2020-02-20 11:08:18 -05:00
|
|
|
UserController.promises = {
|
2020-03-02 07:32:12 -05:00
|
|
|
doLogout: promisify(UserController.doLogout),
|
2020-03-11 09:21:44 -04:00
|
|
|
ensureAffiliation,
|
2021-04-27 03:52:58 -04:00
|
|
|
ensureAffiliationMiddleware,
|
2020-02-20 11:08:18 -05:00
|
|
|
}
|
|
|
|
|
2019-08-28 08:59:41 -04:00
|
|
|
module.exports = UserController
|