overleaf/services/web/app/src/Features/User/ThirdPartyIdentityManager.js

const APP_ROOT = '../../../../app/src'
const UserAuditLogHandler = require(`${APP_ROOT}/Features/User/UserAuditLogHandler`)
const EmailHandler = require(`${APP_ROOT}/Features/Email/EmailHandler`)
const EmailOptionsHelper = require(`${APP_ROOT}/Features/Email/EmailOptionsHelper`)
const Errors = require('../Errors/Errors')
const _ = require('lodash')
const logger = require('logger-sharelatex')
const OError = require('@overleaf/o-error')
const settings = require('@overleaf/settings')
const { User } = require(`${APP_ROOT}/models/User`)
const { promisifyAll } = require(`${APP_ROOT}/util/promises`)

const oauthProviders = settings.oauthProviders || {}

function getUser(providerId, externalUserId, callback) {
  if (providerId == null || externalUserId == null) {
    return callback(
      new OError('invalid SSO arguments', {
        externalUserId,
        providerId,
      })
    )
  }
  const query = _getUserQuery(providerId, externalUserId)
  User.findOne(query, function (err, user) {
    if (err != null) {
      return callback(err)
    }
    if (!user) {
      return callback(new Errors.ThirdPartyUserNotFoundError())
    }
    callback(null, user)
  })
}

function login(providerId, externalUserId, externalData, callback) {
  ThirdPartyIdentityManager.getUser(
    providerId,
    externalUserId,
    function (err, user) {
      if (err != null) {
        return callback(err)
      }
      if (!externalData) {
        return callback(null, user)
      }
      const query = _getUserQuery(providerId, externalUserId)
      const update = _thirdPartyIdentifierUpdate(
        user,
        providerId,
        externalUserId,
        externalData
      )
      User.findOneAndUpdate(query, update, { new: true }, callback)
    }
  )
}

function link(
  userId,
  providerId,
  externalUserId,
  externalData,
  auditLog,
  callback,
  retry
) {
  const accountLinked = true
  if (!oauthProviders[providerId]) {
    return callback(new Error('Not a valid provider'))
  }

  UserAuditLogHandler.addEntry(
    userId,
    'link-sso',
    auditLog.initiatorId,
    auditLog.ipAddress,
    {
      providerId,
    },
    error => {
      if (error) {
        return callback(error)
      }
      const query = {
        _id: userId,
        'thirdPartyIdentifiers.providerId': {
          $ne: providerId,
        },
      }
      const update = {
        $push: {
          thirdPartyIdentifiers: {
            externalUserId,
            externalData,
            providerId,
          },
        },
      }
      // add new tpi only if an entry for the provider does not exist
      // projection includes thirdPartyIdentifiers for tests
      User.findOneAndUpdate(query, update, { new: 1 }, (err, res) => {
        if (err && err.code === 11000) {
          callback(new Errors.ThirdPartyIdentityExistsError())
        } else if (err != null) {
          callback(err)
        } else if (res) {
          _sendSecurityAlert(accountLinked, providerId, res, userId)
          callback(null, res)
        } else if (retry) {
          // if already retried then throw error
          callback(new Error('update failed'))
        } else {
          // attempt to clear existing entry then retry
          ThirdPartyIdentityManager.unlink(
            userId,
            providerId,
            auditLog,
            function (err) {
              if (err != null) {
                return callback(err)
              }
              ThirdPartyIdentityManager.link(
                userId,
                providerId,
                externalUserId,
                externalData,
                auditLog,
                callback,
                true
              )
            }
          )
        }
      })
    }
  )
}

function unlink(userId, providerId, auditLog, callback) {
  const accountLinked = false
  if (!oauthProviders[providerId]) {
    return callback(new Error('Not a valid provider'))
  }
  UserAuditLogHandler.addEntry(
    userId,
    'unlink-sso',
    auditLog.initiatorId,
    auditLog.ipAddress,
    {
      providerId,
    },
    error => {
      if (error) {
        return callback(error)
      }
      const query = {
        _id: userId,
      }
      const update = {
        $pull: {
          thirdPartyIdentifiers: {
            providerId,
          },
        },
      }
      // projection includes thirdPartyIdentifiers for tests
      User.findOneAndUpdate(query, update, { new: 1 }, (err, res) => {
        if (err != null) {
          callback(err)
        } else if (!res) {
          callback(new Error('update failed'))
        } else {
          // no need to wait, errors are logged and not passed back
          _sendSecurityAlert(accountLinked, providerId, res, userId)
          callback(null, res)
        }
      })
    }
  )
}

function _getUserQuery(providerId, externalUserId) {
  externalUserId = externalUserId.toString()
  providerId = providerId.toString()
  const query = {
    'thirdPartyIdentifiers.externalUserId': externalUserId,
    'thirdPartyIdentifiers.providerId': providerId,
  }
  return query
}

function _sendSecurityAlert(accountLinked, providerId, user, userId) {
  const providerName = oauthProviders[providerId].name
  const emailOptions = EmailOptionsHelper.linkOrUnlink(
    accountLinked,
    providerName,
    user.email
  )
  EmailHandler.sendEmail('securityAlert', emailOptions, error => {
    if (error) {
      logger.error(
        { err: error, userId },
        `could not send security alert email when ${emailOptions.action}`
      )
    }
  })
}

function _thirdPartyIdentifierUpdate(
  user,
  providerId,
  externalUserId,
  externalData
) {
  providerId = providerId.toString()
  // get third party identifier object from array
  const thirdPartyIdentifier = user.thirdPartyIdentifiers.find(
    tpi =>
      tpi.externalUserId === externalUserId && tpi.providerId === providerId
  )
  // do recursive merge of new data over existing data
  _.merge(thirdPartyIdentifier.externalData, externalData)
  const update = { 'thirdPartyIdentifiers.$': thirdPartyIdentifier }
  return update
}

const ThirdPartyIdentityManager = {
  getUser,
  login,
  link,
  unlink,
}

ThirdPartyIdentityManager.promises = promisifyAll(ThirdPartyIdentityManager)

module.exports = ThirdPartyIdentityManager
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`const APP_ROOT = '../../../../app/src'`
Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00			const UserAuditLogHandler = require(`${APP_ROOT}/Features/User/UserAuditLogHandler`)
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			const EmailHandler = require(`${APP_ROOT}/Features/Email/EmailHandler`)
Merge pull request #3297 from overleaf/jel-unlink-email Update unlinked email wording GitOrigin-RevId: 976349f1003e6b53ab04b27870356d9452464a39 2020-10-20 08:53:45 -04:00			const EmailOptionsHelper = require(`${APP_ROOT}/Features/Email/EmailOptionsHelper`)
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`const Errors = require('../Errors/Errors')`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`const _ = require('lodash')`
Merge pull request #1903 from overleaf/jel-oauth-email-notification OAuth link/unlink email notification via v2 GitOrigin-RevId: 36b0c6153d3eb8174adc4fd684837d81be95b644 2019-07-11 11:22:25 -04:00			`const logger = require('logger-sharelatex')`
Merge pull request #3608 from overleaf/jel-sso-log Improve SSO error log GitOrigin-RevId: a7d3899c662283e49b7505d24b3191213de3968e 2021-02-02 09:25:01 -05:00			`const OError = require('@overleaf/o-error')`
Merge pull request #4101 from overleaf/ae-settings-module Migrate from `settings-sharelatex` to `@overleaf/settings` GitOrigin-RevId: 9a298ba26382180c1351683c5fddc9004418c1e6 2021-07-07 05:38:56 -04:00			`const settings = require('@overleaf/settings')`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			const { User } = require(`${APP_ROOT}/models/User`)
			const { promisifyAll } = require(`${APP_ROOT}/util/promises`)
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00
Merge pull request #1903 from overleaf/jel-oauth-email-notification OAuth link/unlink email notification via v2 GitOrigin-RevId: 36b0c6153d3eb8174adc4fd684837d81be95b644 2019-07-11 11:22:25 -04:00			`const oauthProviders = settings.oauthProviders \|\| {}`

finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`function getUser(providerId, externalUserId, callback) {`
			`if (providerId == null \|\| externalUserId == null) {`
Merge pull request #3608 from overleaf/jel-sso-log Improve SSO error log GitOrigin-RevId: a7d3899c662283e49b7505d24b3191213de3968e 2021-02-02 09:25:01 -05:00			`return callback(`
			`new OError('invalid SSO arguments', {`
			`externalUserId,`
Merge pull request #3942 from overleaf/prettier-trailing-comma Set Prettier's "trailingComma" setting to "es5" GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5 2021-04-27 03:52:58 -04:00			`providerId,`
Merge pull request #3608 from overleaf/jel-sso-log Improve SSO error log GitOrigin-RevId: a7d3899c662283e49b7505d24b3191213de3968e 2021-02-02 09:25:01 -05:00			`})`
			`)`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`}`
			`const query = _getUserQuery(providerId, externalUserId)`
Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`User.findOne(query, function (err, user) {`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`if (err != null) {`
			`return callback(err)`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`if (!user) {`
			`return callback(new Errors.ThirdPartyUserNotFoundError())`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`callback(null, user)`
			`})`
			`}`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`function login(providerId, externalUserId, externalData, callback) {`
Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`ThirdPartyIdentityManager.getUser(`
			`providerId,`
			`externalUserId,`
			`function (err, user) {`
			`if (err != null) {`
			`return callback(err)`
			`}`
			`if (!externalData) {`
			`return callback(null, user)`
			`}`
			`const query = _getUserQuery(providerId, externalUserId)`
			`const update = _thirdPartyIdentifierUpdate(`
			`user,`
			`providerId,`
			`externalUserId,`
			`externalData`
			`)`
			`User.findOneAndUpdate(query, update, { new: true }, callback)`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`}`
Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`)`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`}`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`function link(`
			`userId,`
			`providerId,`
			`externalUserId,`
			`externalData,`
Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00			`auditLog,`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`callback,`
			`retry`
			`) {`
Merge pull request #3227 from overleaf/jel-security-email-alerts Move security alert handling to private function GitOrigin-RevId: a59b6b0802986b2caa9e9715d80225eb11b163a9 2020-09-29 10:05:12 -04:00			`const accountLinked = true`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`if (!oauthProviders[providerId]) {`
			`return callback(new Error('Not a valid provider'))`
			`}`
Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00
			`UserAuditLogHandler.addEntry(`
			`userId,`
			`'link-sso',`
			`auditLog.initiatorId,`
			`auditLog.ipAddress,`
			`{`
Merge pull request #3942 from overleaf/prettier-trailing-comma Set Prettier's "trailingComma" setting to "es5" GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5 2021-04-27 03:52:58 -04:00			`providerId,`
Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00			`},`
			`error => {`
			`if (error) {`
			`return callback(error)`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00			`const query = {`
			`_id: userId,`
			`'thirdPartyIdentifiers.providerId': {`
Merge pull request #3942 from overleaf/prettier-trailing-comma Set Prettier's "trailingComma" setting to "es5" GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5 2021-04-27 03:52:58 -04:00			`$ne: providerId,`
			`},`
Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00			`}`
			`const update = {`
			`$push: {`
			`thirdPartyIdentifiers: {`
			`externalUserId,`
			`externalData,`
Merge pull request #3942 from overleaf/prettier-trailing-comma Set Prettier's "trailingComma" setting to "es5" GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5 2021-04-27 03:52:58 -04:00			`providerId,`
			`},`
			`},`
Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00			`}`
			`// add new tpi only if an entry for the provider does not exist`
			`// projection includes thirdPartyIdentifiers for tests`
			`User.findOneAndUpdate(query, update, { new: 1 }, (err, res) => {`
			`if (err && err.code === 11000) {`
			`callback(new Errors.ThirdPartyIdentityExistsError())`
			`} else if (err != null) {`
			`callback(err)`
			`} else if (res) {`
			`_sendSecurityAlert(accountLinked, providerId, res, userId)`
			`callback(null, res)`
			`} else if (retry) {`
			`// if already retried then throw error`
			`callback(new Error('update failed'))`
			`} else {`
			`// attempt to clear existing entry then retry`
			`ThirdPartyIdentityManager.unlink(`
			`userId,`
			`providerId,`
			`auditLog,`
Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`function (err) {`
Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00			`if (err != null) {`
			`return callback(err)`
			`}`
			`ThirdPartyIdentityManager.link(`
			`userId,`
			`providerId,`
			`externalUserId,`
			`externalData,`
			`auditLog,`
			`callback,`
			`true`
			`)`
			`}`
			`)`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`}`
			`})`
Merge pull request #1903 from overleaf/jel-oauth-email-notification OAuth link/unlink email notification via v2 GitOrigin-RevId: 36b0c6153d3eb8174adc4fd684837d81be95b644 2019-07-11 11:22:25 -04:00			`}`
Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00			`)`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`}`

Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00			`function unlink(userId, providerId, auditLog, callback) {`
Merge pull request #3227 from overleaf/jel-security-email-alerts Move security alert handling to private function GitOrigin-RevId: a59b6b0802986b2caa9e9715d80225eb11b163a9 2020-09-29 10:05:12 -04:00			`const accountLinked = false`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`if (!oauthProviders[providerId]) {`
			`return callback(new Error('Not a valid provider'))`
			`}`
Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00			`UserAuditLogHandler.addEntry(`
			`userId,`
			`'unlink-sso',`
			`auditLog.initiatorId,`
			`auditLog.ipAddress,`
			`{`
Merge pull request #3942 from overleaf/prettier-trailing-comma Set Prettier's "trailingComma" setting to "es5" GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5 2021-04-27 03:52:58 -04:00			`providerId,`
Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00			`},`
			`error => {`
			`if (error) {`
			`return callback(error)`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00			`const query = {`
Merge pull request #3942 from overleaf/prettier-trailing-comma Set Prettier's "trailingComma" setting to "es5" GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5 2021-04-27 03:52:58 -04:00			`_id: userId,`
Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00			`}`
			`const update = {`
			`$pull: {`
			`thirdPartyIdentifiers: {`
Merge pull request #3942 from overleaf/prettier-trailing-comma Set Prettier's "trailingComma" setting to "es5" GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5 2021-04-27 03:52:58 -04:00			`providerId,`
			`},`
			`},`
Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00			`}`
			`// projection includes thirdPartyIdentifiers for tests`
			`User.findOneAndUpdate(query, update, { new: 1 }, (err, res) => {`
			`if (err != null) {`
			`callback(err)`
			`} else if (!res) {`
			`callback(new Error('update failed'))`
			`} else {`
			`// no need to wait, errors are logged and not passed back`
			`_sendSecurityAlert(accountLinked, providerId, res, userId)`
			`callback(null, res)`
			`}`
			`})`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
Merge pull request #3220 from overleaf/jel-link-ieee Move link/unlink SSO audit log entry GitOrigin-RevId: 1b912cc58957af7e80628f3f955f01c2a641812d 2020-10-06 09:50:07 -04:00			`)`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`}`

			`function _getUserQuery(providerId, externalUserId) {`
			`externalUserId = externalUserId.toString()`
			`providerId = providerId.toString()`
			`const query = {`
			`'thirdPartyIdentifiers.externalUserId': externalUserId,`
Merge pull request #3942 from overleaf/prettier-trailing-comma Set Prettier's "trailingComma" setting to "es5" GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5 2021-04-27 03:52:58 -04:00			`'thirdPartyIdentifiers.providerId': providerId,`
Merge pull request #1717 from overleaf/as-decaffeinate-backend Decaffeinate backend GitOrigin-RevId: 4ca9f94fc809cab6f47cec8254cacaf1bb3806fa 2019-05-29 05:21:06 -04:00			`}`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`return query`
			`}`

Merge pull request #3227 from overleaf/jel-security-email-alerts Move security alert handling to private function GitOrigin-RevId: a59b6b0802986b2caa9e9715d80225eb11b163a9 2020-09-29 10:05:12 -04:00			`function _sendSecurityAlert(accountLinked, providerId, user, userId) {`
			`const providerName = oauthProviders[providerId].name`
Merge pull request #3297 from overleaf/jel-unlink-email Update unlinked email wording GitOrigin-RevId: 976349f1003e6b53ab04b27870356d9452464a39 2020-10-20 08:53:45 -04:00			`const emailOptions = EmailOptionsHelper.linkOrUnlink(`
			`accountLinked,`
			`providerName,`
			`user.email`
			`)`
Merge pull request #3227 from overleaf/jel-security-email-alerts Move security alert handling to private function GitOrigin-RevId: a59b6b0802986b2caa9e9715d80225eb11b163a9 2020-09-29 10:05:12 -04:00			`EmailHandler.sendEmail('securityAlert', emailOptions, error => {`
			`if (error) {`
			`logger.error(`
Merge pull request #3297 from overleaf/jel-unlink-email Update unlinked email wording GitOrigin-RevId: 976349f1003e6b53ab04b27870356d9452464a39 2020-10-20 08:53:45 -04:00			`{ err: error, userId },`
			`could not send security alert email when ${emailOptions.action}`
Merge pull request #3227 from overleaf/jel-security-email-alerts Move security alert handling to private function GitOrigin-RevId: a59b6b0802986b2caa9e9715d80225eb11b163a9 2020-09-29 10:05:12 -04:00			`)`
			`}`
			`})`
			`}`

finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`function _thirdPartyIdentifierUpdate(`
			`user,`
			`providerId,`
			`externalUserId,`
			`externalData`
			`) {`
			`providerId = providerId.toString()`
			`// get third party identifier object from array`
			`const thirdPartyIdentifier = user.thirdPartyIdentifiers.find(`
			`tpi =>`
			`tpi.externalUserId === externalUserId && tpi.providerId === providerId`
			`)`
			`// do recursive merge of new data over existing data`
			`_.merge(thirdPartyIdentifier.externalData, externalData)`
			`const update = { 'thirdPartyIdentifiers.$': thirdPartyIdentifier }`
			`return update`
			`}`

			`const ThirdPartyIdentityManager = {`
			`getUser,`
			`login,`
			`link,`
Merge pull request #3942 from overleaf/prettier-trailing-comma Set Prettier's "trailingComma" setting to "es5" GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5 2021-04-27 03:52:58 -04:00			`unlink,`
finish saml link after sso login GitOrigin-RevId: 688ce78ddfb0cfd6a025985dc2dd6f62bce76523 2019-11-01 10:19:56 -04:00			`}`

			`ThirdPartyIdentityManager.promises = promisifyAll(ThirdPartyIdentityManager)`

			`module.exports = ThirdPartyIdentityManager`