2019-05-29 05:21:06 -04:00
|
|
|
const UserGetter = require('./UserGetter')
|
|
|
|
|
const UserSessionsManager = require('./UserSessionsManager')
|
|
|
|
|
const ErrorController = require('../Errors/ErrorController')
|
|
|
|
|
const logger = require('logger-sharelatex')
|
|
|
|
|
const Settings = require('settings-sharelatex')
|
|
|
|
|
const AuthenticationController = require('../Authentication/AuthenticationController')
|
2019-09-30 09:21:31 -04:00
|
|
|
const _ = require('lodash')
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2019-07-18 10:19:10 -04:00
|
|
|
const UserPagesController = {
|
2019-05-29 05:21:06 -04:00
|
|
|
registerPage(req, res) {
|
|
|
|
|
const sharedProjectData = {
|
|
|
|
|
project_name: req.query.project_name,
|
|
|
|
|
user_first_name: req.query.user_first_name
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const newTemplateData = {}
|
|
|
|
|
if (req.session.templateData != null) {
|
|
|
|
|
newTemplateData.templateName = req.session.templateData.templateName
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-18 10:19:10 -04:00
|
|
|
res.render('user/register', {
|
2019-05-29 05:21:06 -04:00
|
|
|
title: 'register',
|
|
|
|
|
sharedProjectData,
|
|
|
|
|
newTemplateData,
|
2019-10-07 12:48:43 -04:00
|
|
|
new_email: req.query.new_email || '',
|
|
|
|
|
samlBeta: req.session.samlBeta
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
},
|
|
|
|
|
|
2019-07-18 10:19:10 -04:00
|
|
|
activateAccountPage(req, res, next) {
|
2019-05-29 05:21:06 -04:00
|
|
|
// An 'activation' is actually just a password reset on an account that
|
|
|
|
|
// was set with a random password originally.
|
|
|
|
|
logger.log({ query: req.query }, 'activiate account page called')
|
2019-07-18 10:19:10 -04:00
|
|
|
if (req.query.user_id == null || req.query.token == null) {
|
2019-05-29 05:21:06 -04:00
|
|
|
return ErrorController.notFound(req, res)
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-18 10:19:10 -04:00
|
|
|
UserGetter.getUser(
|
2019-05-29 05:21:06 -04:00
|
|
|
req.query.user_id,
|
|
|
|
|
{ email: 1, loginCount: 1 },
|
2019-07-18 10:19:10 -04:00
|
|
|
(error, user) => {
|
2019-05-29 05:21:06 -04:00
|
|
|
if (error != null) {
|
|
|
|
|
return next(error)
|
|
|
|
|
}
|
|
|
|
|
if (!user) {
|
|
|
|
|
return ErrorController.notFound(req, res)
|
|
|
|
|
}
|
|
|
|
|
if (user.loginCount > 0) {
|
|
|
|
|
logger.log(
|
|
|
|
|
{ user },
|
|
|
|
|
'user has already logged in so is active, sending them to /login'
|
|
|
|
|
)
|
|
|
|
|
// Already seen this user, so account must be activate
|
|
|
|
|
// This lets users keep clicking the 'activate' link in their email
|
|
|
|
|
// as a way to log in which, if I know our users, they will.
|
2019-07-18 10:19:10 -04:00
|
|
|
res.redirect(`/login?email=${encodeURIComponent(user.email)}`)
|
2019-05-29 05:21:06 -04:00
|
|
|
} else {
|
2019-07-18 10:19:10 -04:00
|
|
|
res.render('user/activate', {
|
2019-05-29 05:21:06 -04:00
|
|
|
title: 'activate_account',
|
|
|
|
|
email: user.email,
|
|
|
|
|
token: req.query.token
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
loginPage(req, res) {
|
|
|
|
|
// if user is being sent to /login with explicit redirect (redir=/foo),
|
|
|
|
|
// such as being sent from the editor to /login, then set the redirect explicitly
|
|
|
|
|
if (
|
|
|
|
|
req.query.redir != null &&
|
|
|
|
|
AuthenticationController._getRedirectFromSession(req) == null
|
|
|
|
|
) {
|
|
|
|
|
logger.log(
|
|
|
|
|
{ redir: req.query.redir },
|
|
|
|
|
'setting explicit redirect from login page'
|
|
|
|
|
)
|
|
|
|
|
AuthenticationController.setRedirectInSession(req, req.query.redir)
|
|
|
|
|
}
|
2019-07-18 10:19:10 -04:00
|
|
|
res.render('user/login', {
|
2019-05-29 05:21:06 -04:00
|
|
|
title: 'login',
|
2019-10-28 10:09:37 -04:00
|
|
|
email: req.query.email
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
},
|
|
|
|
|
|
2019-07-18 10:19:10 -04:00
|
|
|
/**
|
|
|
|
|
* Landing page for users who may have received one-time login
|
|
|
|
|
* tokens from the read-only maintenance site.
|
|
|
|
|
*
|
|
|
|
|
* We tell them that Overleaf is back up and that they can login normally.
|
|
|
|
|
*/
|
|
|
|
|
oneTimeLoginPage(req, res, next) {
|
|
|
|
|
res.render('user/one_time_login')
|
|
|
|
|
},
|
|
|
|
|
|
2019-05-29 05:21:06 -04:00
|
|
|
logoutPage(req, res) {
|
2019-07-18 10:19:10 -04:00
|
|
|
res.render('user/logout')
|
2019-05-29 05:21:06 -04:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
renderReconfirmAccountPage(req, res) {
|
2019-07-18 10:19:10 -04:00
|
|
|
const pageData = {
|
|
|
|
|
reconfirm_email: req.session.reconfirm_email
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
|
// when a user must reconfirm their account
|
2019-07-18 10:19:10 -04:00
|
|
|
res.render('user/reconfirm', pageData)
|
2019-05-29 05:21:06 -04:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
settingsPage(req, res, next) {
|
2019-07-18 10:19:10 -04:00
|
|
|
const userId = AuthenticationController.getLoggedInUserId(req)
|
2019-09-30 09:21:31 -04:00
|
|
|
// SSO
|
2019-06-18 11:35:57 -04:00
|
|
|
const ssoError = req.session.ssoError
|
|
|
|
|
if (ssoError) {
|
|
|
|
|
delete req.session.ssoError
|
|
|
|
|
}
|
2019-09-30 09:21:31 -04:00
|
|
|
// Institution SSO
|
2019-10-21 12:02:01 -04:00
|
|
|
let institutionLinked = _.get(req.session, ['saml', 'linked'])
|
|
|
|
|
if (institutionLinked) {
|
|
|
|
|
// copy object if exists because _.get does not
|
|
|
|
|
institutionLinked = Object.assign(
|
|
|
|
|
{
|
|
|
|
|
hasEntitlement: _.get(req.session, ['saml', 'hasEntitlement'])
|
|
|
|
|
},
|
|
|
|
|
institutionLinked
|
|
|
|
|
)
|
|
|
|
|
}
|
2019-11-12 08:59:04 -05:00
|
|
|
const institutionLinkedToAnother = _.get(req.session, [
|
|
|
|
|
'saml',
|
|
|
|
|
'linkedToAnother'
|
|
|
|
|
])
|
2019-10-17 11:30:37 -04:00
|
|
|
const institutionEmailNonCanonical = _.get(req.session, [
|
|
|
|
|
'saml',
|
|
|
|
|
'emailNonCanonical'
|
|
|
|
|
])
|
2019-09-30 09:21:31 -04:00
|
|
|
delete req.session.saml
|
2019-07-18 10:19:10 -04:00
|
|
|
logger.log({ user: userId }, 'loading settings page')
|
2019-07-15 09:09:04 -04:00
|
|
|
let shouldAllowEditingDetails = true
|
|
|
|
|
if (Settings.ldap && Settings.ldap.updateUserDetailsOnLogin) {
|
|
|
|
|
shouldAllowEditingDetails = false
|
|
|
|
|
}
|
|
|
|
|
if (Settings.saml && Settings.saml.updateUserDetailsOnLogin) {
|
|
|
|
|
shouldAllowEditingDetails = false
|
|
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
const oauthProviders = Settings.oauthProviders || {}
|
|
|
|
|
|
2019-07-18 10:19:10 -04:00
|
|
|
UserGetter.getUser(userId, (err, user) => {
|
2019-05-29 05:21:06 -04:00
|
|
|
if (err != null) {
|
|
|
|
|
return next(err)
|
|
|
|
|
}
|
2019-07-10 06:40:59 -04:00
|
|
|
res.render('user/settings', {
|
|
|
|
|
title: 'account_settings',
|
|
|
|
|
user,
|
|
|
|
|
hasPassword: !!user.hashedPassword,
|
|
|
|
|
shouldAllowEditingDetails,
|
|
|
|
|
languages: Settings.languages,
|
|
|
|
|
accountSettingsTabActive: true,
|
|
|
|
|
oauthProviders: UserPagesController._translateProviderDescriptions(
|
|
|
|
|
oauthProviders,
|
|
|
|
|
req
|
|
|
|
|
),
|
|
|
|
|
oauthUseV2: Settings.oauthUseV2 || false,
|
2019-09-30 09:21:31 -04:00
|
|
|
institutionLinked,
|
2019-11-12 08:59:04 -05:00
|
|
|
institutionLinkedToAnother,
|
2019-10-17 11:30:37 -04:00
|
|
|
institutionEmailNonCanonical,
|
2019-10-07 12:48:43 -04:00
|
|
|
samlBeta: req.session.samlBeta,
|
2019-07-10 06:40:59 -04:00
|
|
|
ssoError: ssoError,
|
2019-09-30 09:21:31 -04:00
|
|
|
thirdPartyIds: UserPagesController._restructureThirdPartyIds(user)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
sessionsPage(req, res, next) {
|
|
|
|
|
const user = AuthenticationController.getSessionUser(req)
|
2019-07-18 10:19:10 -04:00
|
|
|
logger.log({ userId: user._id }, 'loading sessions page')
|
|
|
|
|
UserSessionsManager.getAllUserSessions(
|
2019-05-29 05:21:06 -04:00
|
|
|
user,
|
|
|
|
|
[req.sessionID],
|
2019-07-18 10:19:10 -04:00
|
|
|
(err, sessions) => {
|
2019-05-29 05:21:06 -04:00
|
|
|
if (err != null) {
|
2019-07-18 10:19:10 -04:00
|
|
|
logger.warn({ userId: user._id }, 'error getting all user sessions')
|
2019-05-29 05:21:06 -04:00
|
|
|
return next(err)
|
|
|
|
|
}
|
2019-07-18 10:19:10 -04:00
|
|
|
res.render('user/sessions', {
|
2019-05-29 05:21:06 -04:00
|
|
|
title: 'sessions',
|
|
|
|
|
sessions
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
_restructureThirdPartyIds(user) {
|
|
|
|
|
// 3rd party identifiers are an array of objects
|
|
|
|
|
// this turn them into a single object, which
|
|
|
|
|
// makes data easier to use in template
|
|
|
|
|
if (
|
|
|
|
|
!user.thirdPartyIdentifiers ||
|
|
|
|
|
user.thirdPartyIdentifiers.length === 0
|
|
|
|
|
) {
|
|
|
|
|
return null
|
|
|
|
|
}
|
2019-07-18 10:19:10 -04:00
|
|
|
return user.thirdPartyIdentifiers.reduce((obj, identifier) => {
|
2019-05-29 05:21:06 -04:00
|
|
|
obj[identifier.providerId] = identifier.externalUserId
|
|
|
|
|
return obj
|
|
|
|
|
}, {})
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
_translateProviderDescriptions(providers, req) {
|
|
|
|
|
const result = {}
|
|
|
|
|
if (providers) {
|
|
|
|
|
for (let provider in providers) {
|
|
|
|
|
const data = providers[provider]
|
|
|
|
|
data.description = req.i18n.translate(
|
|
|
|
|
data.descriptionKey,
|
|
|
|
|
data.descriptionOptions
|
|
|
|
|
)
|
|
|
|
|
result[provider] = data
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return result
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-07-18 10:19:10 -04:00
|
|
|
|
|
|
|
|
module.exports = UserPagesController
|
