overleaf/services/web/app/src/Features/User/SAMLIdentityManager.js

const EmailHandler = require('../Email/EmailHandler')
const Errors = require('../Errors/Errors')
const logger = require('logger-sharelatex')
const OError = require('@overleaf/o-error')
const { User } = require('../../models/User')
const UserGetter = require('../User/UserGetter')
const UserUpdater = require('../User/UserUpdater')

function _addIdentifier(userId, externalUserId, providerId) {
  providerId = providerId.toString()
  const query = {
    _id: userId,
    'samlIdentifiers.providerId': {
      $ne: providerId
    }
  }
  const update = {
    $push: {
      samlIdentifiers: {
        externalUserId,
        providerId
      }
    }
  }

  // First update user.samlIdentifiers
  let updatedUser = User.findOneAndUpdate(query, update, { new: true }).exec()
  try {
    updatedUser = User.findOneAndUpdate(query, update, { new: true }).exec()
  } catch (err) {
    if (err && err.code === 11000) {
      throw new Errors.SAMLIdentityExistsError()
    } else if (err != null) {
      logger.log(err, userId, 'failed to add institution SAML identifier')
      throw new OError(err)
    }
  }
  return updatedUser
}

function _getUserQuery(providerId, externalUserId) {
  externalUserId = externalUserId.toString()
  providerId = providerId.toString()
  const query = {
    'samlIdentifiers.externalUserId': externalUserId,
    'samlIdentifiers.providerId': providerId
  }
  return query
}

async function _addInstitutionEmail(userId, email, providerId) {
  const user = await UserGetter.promises.getUser(userId)
  const query = {
    _id: userId,
    'emails.email': email
  }
  const update = {
    $set: {
      'emails.$.samlProviderId': providerId.toString()
    }
  }
  if (user == null) {
    logger.log(userId, 'could not find user for institution SAML linking')
    throw new Errors.NotFoundError('user not found')
  }
  const emailAlreadyAssociated = user.emails.find(e => e.email === email)
  if (emailAlreadyAssociated && emailAlreadyAssociated.confirmedAt) {
    await UserUpdater.promises.updateUser(query, update)
  } else if (emailAlreadyAssociated) {
    // add and confirm email
    await UserUpdater.promises.confirmEmail(user._id, email)
    await UserUpdater.promises.updateUser(query, update)
  } else {
    // add and confirm email
    await UserUpdater.promises.addEmailAddress(user._id, email)
    await UserUpdater.promises.confirmEmail(user._id, email)
    await UserUpdater.promises.updateUser(query, update)
  }
}

async function _sendLinkedEmail(userId, providerName) {
  const user = await UserGetter.promises.getUser(userId, { email: 1 })
  const emailOptions = {
    to: user.email,
    provider: providerName
  }
  EmailHandler.sendEmail(
    'emailThirdPartyIdentifierLinked',
    emailOptions,
    error => {
      if (error != null) {
        logger.warn(error)
      }
    }
  )
}

function _sendUnlinkedEmail(primaryEmail, providerName) {
  const emailOptions = {
    to: primaryEmail,
    provider: providerName
  }
  EmailHandler.sendEmail(
    'emailThirdPartyIdentifierUnlinked',
    emailOptions,
    error => {
      if (error != null) {
        logger.warn(error)
      }
    }
  )
}

async function getUser(providerId, externalUserId) {
  if (providerId == null || externalUserId == null) {
    throw new Error('invalid arguments')
  }
  const query = _getUserQuery(providerId, externalUserId)
  let user = await User.findOne(query).exec()
  if (!user) {
    throw new Errors.SAMLUserNotFoundError()
  }
  return user
}

async function linkAccounts(
  userId,
  externalUserId,
  institutionEmail,
  providerId,
  providerName
) {
  await _addIdentifier(userId, externalUserId, providerId)
  await _addInstitutionEmail(userId, institutionEmail, providerId)
  await _sendLinkedEmail(userId, providerName)
}

async function unlinkAccounts(userId, primaryEmail, providerId, providerName) {
  const query = {
    _id: userId
  }
  const update = {
    $pull: {
      samlIdentifiers: {
        providerId
      }
    }
  }
  await User.update(query, update).exec()
  _sendUnlinkedEmail(primaryEmail, providerName)
}

const SAMLIdentityManager = {
  getUser,
  linkAccounts,
  unlinkAccounts
}

module.exports = SAMLIdentityManager
Merge pull request #2184 from overleaf/jel-unlink-institution-and-email-notifications Unlink institution login and send email link/unlink notifications GitOrigin-RevId: d0fe96804d69e3c332c2b866fad5af026b5e2f8f 2019-10-03 10:10:22 -04:00			`const EmailHandler = require('../Email/EmailHandler')`
Render account linking page Simplify account linking data. Change `institution.name` to `institutionName` Update emailAlreadyLinked value. The layout checks for 'primary' and 'secondary', not a boolean, so update data passed Add error messages to Account Linking pages Rename account linking file name to reflect route change. Changed `institution` to `institutional` on the login route. GitOrigin-RevId: 4e12b9ec7c1577efbaa8c0628e3c41c70114844e 2019-08-27 16:48:00 -04:00			`const Errors = require('../Errors/Errors')`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`const logger = require('logger-sharelatex')`
			`const OError = require('@overleaf/o-error')`
Render account linking page Simplify account linking data. Change `institution.name` to `institutionName` Update emailAlreadyLinked value. The layout checks for 'primary' and 'secondary', not a boolean, so update data passed Add error messages to Account Linking pages Rename account linking file name to reflect route change. Changed `institution` to `institutional` on the login route. GitOrigin-RevId: 4e12b9ec7c1577efbaa8c0628e3c41c70114844e 2019-08-27 16:48:00 -04:00			`const { User } = require('../../models/User')`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`const UserGetter = require('../User/UserGetter')`
			`const UserUpdater = require('../User/UserUpdater')`

			`function _addIdentifier(userId, externalUserId, providerId) {`
Merge pull request #2167 from overleaf/jel-saml-account-settings-layout Account settings layout for institution SSO GitOrigin-RevId: d9c9e5eeb3b4a215456b0f5294139c1b8d4968c3 2019-09-30 09:21:31 -04:00			`providerId = providerId.toString()`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`const query = {`
			`_id: userId,`
			`'samlIdentifiers.providerId': {`
			`$ne: providerId`
			`}`
			`}`
			`const update = {`
			`$push: {`
			`samlIdentifiers: {`
			`externalUserId,`
			`providerId`
			`}`
			`}`
			`}`

			`// First update user.samlIdentifiers`
			`let updatedUser = User.findOneAndUpdate(query, update, { new: true }).exec()`
			`try {`
			`updatedUser = User.findOneAndUpdate(query, update, { new: true }).exec()`
			`} catch (err) {`
			`if (err && err.code === 11000) {`
			`throw new Errors.SAMLIdentityExistsError()`
			`} else if (err != null) {`
			`logger.log(err, userId, 'failed to add institution SAML identifier')`
			`throw new OError(err)`
			`}`
			`}`
			`return updatedUser`
			`}`

Merge pull request #2167 from overleaf/jel-saml-account-settings-layout Account settings layout for institution SSO GitOrigin-RevId: d9c9e5eeb3b4a215456b0f5294139c1b8d4968c3 2019-09-30 09:21:31 -04:00			`function _getUserQuery(providerId, externalUserId) {`
			`externalUserId = externalUserId.toString()`
			`providerId = providerId.toString()`
			`const query = {`
			`'samlIdentifiers.externalUserId': externalUserId,`
			`'samlIdentifiers.providerId': providerId`
			`}`
			`return query`
			`}`

			`async function _addInstitutionEmail(userId, email, providerId) {`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`const user = await UserGetter.promises.getUser(userId)`
Merge pull request #2167 from overleaf/jel-saml-account-settings-layout Account settings layout for institution SSO GitOrigin-RevId: d9c9e5eeb3b4a215456b0f5294139c1b8d4968c3 2019-09-30 09:21:31 -04:00			`const query = {`
			`_id: userId,`
			`'emails.email': email`
			`}`
			`const update = {`
			`$set: {`
			`'emails.$.samlProviderId': providerId.toString()`
			`}`
			`}`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`if (user == null) {`
			`logger.log(userId, 'could not find user for institution SAML linking')`
			`throw new Errors.NotFoundError('user not found')`
			`}`
			`const emailAlreadyAssociated = user.emails.find(e => e.email === email)`
			`if (emailAlreadyAssociated && emailAlreadyAssociated.confirmedAt) {`
Merge pull request #2167 from overleaf/jel-saml-account-settings-layout Account settings layout for institution SSO GitOrigin-RevId: d9c9e5eeb3b4a215456b0f5294139c1b8d4968c3 2019-09-30 09:21:31 -04:00			`await UserUpdater.promises.updateUser(query, update)`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`} else if (emailAlreadyAssociated) {`
			`// add and confirm email`
Merge pull request #2167 from overleaf/jel-saml-account-settings-layout Account settings layout for institution SSO GitOrigin-RevId: d9c9e5eeb3b4a215456b0f5294139c1b8d4968c3 2019-09-30 09:21:31 -04:00			`await UserUpdater.promises.confirmEmail(user._id, email)`
			`await UserUpdater.promises.updateUser(query, update)`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`} else {`
			`// add and confirm email`
Merge pull request #2167 from overleaf/jel-saml-account-settings-layout Account settings layout for institution SSO GitOrigin-RevId: d9c9e5eeb3b4a215456b0f5294139c1b8d4968c3 2019-09-30 09:21:31 -04:00			`await UserUpdater.promises.addEmailAddress(user._id, email)`
			`await UserUpdater.promises.confirmEmail(user._id, email)`
			`await UserUpdater.promises.updateUser(query, update)`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`}`
			`}`

Merge pull request #2184 from overleaf/jel-unlink-institution-and-email-notifications Unlink institution login and send email link/unlink notifications GitOrigin-RevId: d0fe96804d69e3c332c2b866fad5af026b5e2f8f 2019-10-03 10:10:22 -04:00			`async function _sendLinkedEmail(userId, providerName) {`
			`const user = await UserGetter.promises.getUser(userId, { email: 1 })`
			`const emailOptions = {`
			`to: user.email,`
			`provider: providerName`
			`}`
			`EmailHandler.sendEmail(`
			`'emailThirdPartyIdentifierLinked',`
			`emailOptions,`
			`error => {`
			`if (error != null) {`
			`logger.warn(error)`
			`}`
			`}`
			`)`
			`}`

			`function _sendUnlinkedEmail(primaryEmail, providerName) {`
			`const emailOptions = {`
			`to: primaryEmail,`
			`provider: providerName`
			`}`
			`EmailHandler.sendEmail(`
			`'emailThirdPartyIdentifierUnlinked',`
			`emailOptions,`
			`error => {`
			`if (error != null) {`
			`logger.warn(error)`
			`}`
			`}`
			`)`
			`}`

Render account linking page Simplify account linking data. Change `institution.name` to `institutionName` Update emailAlreadyLinked value. The layout checks for 'primary' and 'secondary', not a boolean, so update data passed Add error messages to Account Linking pages Rename account linking file name to reflect route change. Changed `institution` to `institutional` on the login route. GitOrigin-RevId: 4e12b9ec7c1577efbaa8c0628e3c41c70114844e 2019-08-27 16:48:00 -04:00			`async function getUser(providerId, externalUserId) {`
			`if (providerId == null \|\| externalUserId == null) {`
			`throw new Error('invalid arguments')`
			`}`
Merge pull request #2184 from overleaf/jel-unlink-institution-and-email-notifications Unlink institution login and send email link/unlink notifications GitOrigin-RevId: d0fe96804d69e3c332c2b866fad5af026b5e2f8f 2019-10-03 10:10:22 -04:00			`const query = _getUserQuery(providerId, externalUserId)`
			`let user = await User.findOne(query).exec()`
			`if (!user) {`
			`throw new Errors.SAMLUserNotFoundError()`
Render account linking page Simplify account linking data. Change `institution.name` to `institutionName` Update emailAlreadyLinked value. The layout checks for 'primary' and 'secondary', not a boolean, so update data passed Add error messages to Account Linking pages Rename account linking file name to reflect route change. Changed `institution` to `institutional` on the login route. GitOrigin-RevId: 4e12b9ec7c1577efbaa8c0628e3c41c70114844e 2019-08-27 16:48:00 -04:00			`}`
Merge pull request #2184 from overleaf/jel-unlink-institution-and-email-notifications Unlink institution login and send email link/unlink notifications GitOrigin-RevId: d0fe96804d69e3c332c2b866fad5af026b5e2f8f 2019-10-03 10:10:22 -04:00			`return user`
Render account linking page Simplify account linking data. Change `institution.name` to `institutionName` Update emailAlreadyLinked value. The layout checks for 'primary' and 'secondary', not a boolean, so update data passed Add error messages to Account Linking pages Rename account linking file name to reflect route change. Changed `institution` to `institutional` on the login route. GitOrigin-RevId: 4e12b9ec7c1577efbaa8c0628e3c41c70114844e 2019-08-27 16:48:00 -04:00			`}`

Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`async function linkAccounts(`
			`userId,`
			`externalUserId,`
			`institutionEmail,`
Merge pull request #2184 from overleaf/jel-unlink-institution-and-email-notifications Unlink institution login and send email link/unlink notifications GitOrigin-RevId: d0fe96804d69e3c332c2b866fad5af026b5e2f8f 2019-10-03 10:10:22 -04:00			`providerId,`
			`providerName`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`) {`
Merge pull request #2184 from overleaf/jel-unlink-institution-and-email-notifications Unlink institution login and send email link/unlink notifications GitOrigin-RevId: d0fe96804d69e3c332c2b866fad5af026b5e2f8f 2019-10-03 10:10:22 -04:00			`await _addIdentifier(userId, externalUserId, providerId)`
			`await _addInstitutionEmail(userId, institutionEmail, providerId)`
			`await _sendLinkedEmail(userId, providerName)`
			`}`

			`async function unlinkAccounts(userId, primaryEmail, providerId, providerName) {`
			`const query = {`
			`_id: userId`
			`}`
			`const update = {`
			`$pull: {`
			`samlIdentifiers: {`
			`providerId`
			`}`
			`}`
Merge pull request #2167 from overleaf/jel-saml-account-settings-layout Account settings layout for institution SSO GitOrigin-RevId: d9c9e5eeb3b4a215456b0f5294139c1b8d4968c3 2019-09-30 09:21:31 -04:00			`}`
Merge pull request #2184 from overleaf/jel-unlink-institution-and-email-notifications Unlink institution login and send email link/unlink notifications GitOrigin-RevId: d0fe96804d69e3c332c2b866fad5af026b5e2f8f 2019-10-03 10:10:22 -04:00			`await User.update(query, update).exec()`
			`_sendUnlinkedEmail(primaryEmail, providerName)`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`}`

Render account linking page Simplify account linking data. Change `institution.name` to `institutionName` Update emailAlreadyLinked value. The layout checks for 'primary' and 'secondary', not a boolean, so update data passed Add error messages to Account Linking pages Rename account linking file name to reflect route change. Changed `institution` to `institutional` on the login route. GitOrigin-RevId: 4e12b9ec7c1577efbaa8c0628e3c41c70114844e 2019-08-27 16:48:00 -04:00			`const SAMLIdentityManager = {`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`getUser,`
Merge pull request #2184 from overleaf/jel-unlink-institution-and-email-notifications Unlink institution login and send email link/unlink notifications GitOrigin-RevId: d0fe96804d69e3c332c2b866fad5af026b5e2f8f 2019-10-03 10:10:22 -04:00			`linkAccounts,`
			`unlinkAccounts`
Render account linking page Simplify account linking data. Change `institution.name` to `institutionName` Update emailAlreadyLinked value. The layout checks for 'primary' and 'secondary', not a boolean, so update data passed Add error messages to Account Linking pages Rename account linking file name to reflect route change. Changed `institution` to `institutional` on the login route. GitOrigin-RevId: 4e12b9ec7c1577efbaa8c0628e3c41c70114844e 2019-08-27 16:48:00 -04:00			`}`

			`module.exports = SAMLIdentityManager`