overleaf/services/web/app/src/Features/User/SAMLIdentityManager.js

const Errors = require('../Errors/Errors')
const logger = require('logger-sharelatex')
const OError = require('@overleaf/o-error')
const { User } = require('../../models/User')
const UserGetter = require('../User/UserGetter')
const UserUpdater = require('../User/UserUpdater')

function _addIdentifier(userId, externalUserId, providerId) {
  providerId = providerId.toString()
  const query = {
    _id: userId,
    'samlIdentifiers.providerId': {
      $ne: providerId
    }
  }
  const update = {
    $push: {
      samlIdentifiers: {
        externalUserId,
        providerId
      }
    }
  }

  // First update user.samlIdentifiers
  let updatedUser = User.findOneAndUpdate(query, update, { new: true }).exec()
  try {
    updatedUser = User.findOneAndUpdate(query, update, { new: true }).exec()
  } catch (err) {
    if (err && err.code === 11000) {
      throw new Errors.SAMLIdentityExistsError()
    } else if (err != null) {
      logger.log(err, userId, 'failed to add institution SAML identifier')
      throw new OError(err)
    }
  }
  return updatedUser
}

function _getUserQuery(providerId, externalUserId) {
  externalUserId = externalUserId.toString()
  providerId = providerId.toString()
  const query = {
    'samlIdentifiers.externalUserId': externalUserId,
    'samlIdentifiers.providerId': providerId
  }
  return query
}

async function _addInstitutionEmail(userId, email, providerId) {
  const user = await UserGetter.promises.getUser(userId)
  const query = {
    _id: userId,
    'emails.email': email
  }
  const update = {
    $set: {
      'emails.$.samlProviderId': providerId.toString()
    }
  }
  if (user == null) {
    logger.log(userId, 'could not find user for institution SAML linking')
    throw new Errors.NotFoundError('user not found')
  }
  const emailAlreadyAssociated = user.emails.find(e => e.email === email)
  if (emailAlreadyAssociated && emailAlreadyAssociated.confirmedAt) {
    await UserUpdater.promises.updateUser(query, update)
  } else if (emailAlreadyAssociated) {
    // add and confirm email
    await UserUpdater.promises.confirmEmail(user._id, email)
    await UserUpdater.promises.updateUser(query, update)
  } else {
    // add and confirm email
    await UserUpdater.promises.addEmailAddress(user._id, email)
    await UserUpdater.promises.confirmEmail(user._id, email)
    await UserUpdater.promises.updateUser(query, update)
  }
}

async function getUser(providerId, externalUserId) {
  if (providerId == null || externalUserId == null) {
    throw new Error('invalid arguments')
  }
  try {
    const query = _getUserQuery(providerId, externalUserId)
    let user = await User.findOne(query).exec()
    if (!user) {
      throw new Errors.SAMLUserNotFoundError()
    }
    return user
  } catch (error) {
    throw error
  }
}

async function linkAccounts(
  userId,
  externalUserId,
  institutionEmail,
  providerId
) {
  try {
    await _addIdentifier(userId, externalUserId, providerId)
    await _addInstitutionEmail(userId, institutionEmail, providerId)
  } catch (error) {
    throw error
  }
}

const SAMLIdentityManager = {
  getUser,
  linkAccounts
}

module.exports = SAMLIdentityManager
Render account linking page Simplify account linking data. Change `institution.name` to `institutionName` Update emailAlreadyLinked value. The layout checks for 'primary' and 'secondary', not a boolean, so update data passed Add error messages to Account Linking pages Rename account linking file name to reflect route change. Changed `institution` to `institutional` on the login route. GitOrigin-RevId: 4e12b9ec7c1577efbaa8c0628e3c41c70114844e 2019-08-27 16:48:00 -04:00			`const Errors = require('../Errors/Errors')`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`const logger = require('logger-sharelatex')`
			`const OError = require('@overleaf/o-error')`
Render account linking page Simplify account linking data. Change `institution.name` to `institutionName` Update emailAlreadyLinked value. The layout checks for 'primary' and 'secondary', not a boolean, so update data passed Add error messages to Account Linking pages Rename account linking file name to reflect route change. Changed `institution` to `institutional` on the login route. GitOrigin-RevId: 4e12b9ec7c1577efbaa8c0628e3c41c70114844e 2019-08-27 16:48:00 -04:00			`const { User } = require('../../models/User')`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`const UserGetter = require('../User/UserGetter')`
			`const UserUpdater = require('../User/UserUpdater')`

			`function _addIdentifier(userId, externalUserId, providerId) {`
Merge pull request #2167 from overleaf/jel-saml-account-settings-layout Account settings layout for institution SSO GitOrigin-RevId: d9c9e5eeb3b4a215456b0f5294139c1b8d4968c3 2019-09-30 09:21:31 -04:00			`providerId = providerId.toString()`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`const query = {`
			`_id: userId,`
			`'samlIdentifiers.providerId': {`
			`$ne: providerId`
			`}`
			`}`
			`const update = {`
			`$push: {`
			`samlIdentifiers: {`
			`externalUserId,`
			`providerId`
			`}`
			`}`
			`}`

			`// First update user.samlIdentifiers`
			`let updatedUser = User.findOneAndUpdate(query, update, { new: true }).exec()`
			`try {`
			`updatedUser = User.findOneAndUpdate(query, update, { new: true }).exec()`
			`} catch (err) {`
			`if (err && err.code === 11000) {`
			`throw new Errors.SAMLIdentityExistsError()`
			`} else if (err != null) {`
			`logger.log(err, userId, 'failed to add institution SAML identifier')`
			`throw new OError(err)`
			`}`
			`}`
			`return updatedUser`
			`}`

Merge pull request #2167 from overleaf/jel-saml-account-settings-layout Account settings layout for institution SSO GitOrigin-RevId: d9c9e5eeb3b4a215456b0f5294139c1b8d4968c3 2019-09-30 09:21:31 -04:00			`function _getUserQuery(providerId, externalUserId) {`
			`externalUserId = externalUserId.toString()`
			`providerId = providerId.toString()`
			`const query = {`
			`'samlIdentifiers.externalUserId': externalUserId,`
			`'samlIdentifiers.providerId': providerId`
			`}`
			`return query`
			`}`

			`async function _addInstitutionEmail(userId, email, providerId) {`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`const user = await UserGetter.promises.getUser(userId)`
Merge pull request #2167 from overleaf/jel-saml-account-settings-layout Account settings layout for institution SSO GitOrigin-RevId: d9c9e5eeb3b4a215456b0f5294139c1b8d4968c3 2019-09-30 09:21:31 -04:00			`const query = {`
			`_id: userId,`
			`'emails.email': email`
			`}`
			`const update = {`
			`$set: {`
			`'emails.$.samlProviderId': providerId.toString()`
			`}`
			`}`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`if (user == null) {`
			`logger.log(userId, 'could not find user for institution SAML linking')`
			`throw new Errors.NotFoundError('user not found')`
			`}`
			`const emailAlreadyAssociated = user.emails.find(e => e.email === email)`
			`if (emailAlreadyAssociated && emailAlreadyAssociated.confirmedAt) {`
Merge pull request #2167 from overleaf/jel-saml-account-settings-layout Account settings layout for institution SSO GitOrigin-RevId: d9c9e5eeb3b4a215456b0f5294139c1b8d4968c3 2019-09-30 09:21:31 -04:00			`await UserUpdater.promises.updateUser(query, update)`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`} else if (emailAlreadyAssociated) {`
			`// add and confirm email`
Merge pull request #2167 from overleaf/jel-saml-account-settings-layout Account settings layout for institution SSO GitOrigin-RevId: d9c9e5eeb3b4a215456b0f5294139c1b8d4968c3 2019-09-30 09:21:31 -04:00			`await UserUpdater.promises.confirmEmail(user._id, email)`
			`await UserUpdater.promises.updateUser(query, update)`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`} else {`
			`// add and confirm email`
Merge pull request #2167 from overleaf/jel-saml-account-settings-layout Account settings layout for institution SSO GitOrigin-RevId: d9c9e5eeb3b4a215456b0f5294139c1b8d4968c3 2019-09-30 09:21:31 -04:00			`await UserUpdater.promises.addEmailAddress(user._id, email)`
			`await UserUpdater.promises.confirmEmail(user._id, email)`
			`await UserUpdater.promises.updateUser(query, update)`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`}`
			`}`

Render account linking page Simplify account linking data. Change `institution.name` to `institutionName` Update emailAlreadyLinked value. The layout checks for 'primary' and 'secondary', not a boolean, so update data passed Add error messages to Account Linking pages Rename account linking file name to reflect route change. Changed `institution` to `institutional` on the login route. GitOrigin-RevId: 4e12b9ec7c1577efbaa8c0628e3c41c70114844e 2019-08-27 16:48:00 -04:00			`async function getUser(providerId, externalUserId) {`
			`if (providerId == null \|\| externalUserId == null) {`
			`throw new Error('invalid arguments')`
			`}`
			`try {`
Merge pull request #2167 from overleaf/jel-saml-account-settings-layout Account settings layout for institution SSO GitOrigin-RevId: d9c9e5eeb3b4a215456b0f5294139c1b8d4968c3 2019-09-30 09:21:31 -04:00			`const query = _getUserQuery(providerId, externalUserId)`
Render account linking page Simplify account linking data. Change `institution.name` to `institutionName` Update emailAlreadyLinked value. The layout checks for 'primary' and 'secondary', not a boolean, so update data passed Add error messages to Account Linking pages Rename account linking file name to reflect route change. Changed `institution` to `institutional` on the login route. GitOrigin-RevId: 4e12b9ec7c1577efbaa8c0628e3c41c70114844e 2019-08-27 16:48:00 -04:00			`let user = await User.findOne(query).exec()`
			`if (!user) {`
			`throw new Errors.SAMLUserNotFoundError()`
			`}`
			`return user`
			`} catch (error) {`
			`throw error`
			`}`
			`}`

Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`async function linkAccounts(`
			`userId,`
			`externalUserId,`
			`institutionEmail,`
			`providerId`
			`) {`
Merge pull request #2167 from overleaf/jel-saml-account-settings-layout Account settings layout for institution SSO GitOrigin-RevId: d9c9e5eeb3b4a215456b0f5294139c1b8d4968c3 2019-09-30 09:21:31 -04:00			`try {`
			`await _addIdentifier(userId, externalUserId, providerId)`
			`await _addInstitutionEmail(userId, institutionEmail, providerId)`
			`} catch (error) {`
			`throw error`
			`}`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`}`

Render account linking page Simplify account linking data. Change `institution.name` to `institutionName` Update emailAlreadyLinked value. The layout checks for 'primary' and 'secondary', not a boolean, so update data passed Add error messages to Account Linking pages Rename account linking file name to reflect route change. Changed `institution` to `institutional` on the login route. GitOrigin-RevId: 4e12b9ec7c1577efbaa8c0628e3c41c70114844e 2019-08-27 16:48:00 -04:00			`const SAMLIdentityManager = {`
Merge pull request #2114 from overleaf/jel-saml-account-linking Login and link SAML account GitOrigin-RevId: 97daf9b6028ece3b3a19715873439f5fea7ecebb 2019-09-12 10:01:12 -04:00			`getUser,`
			`linkAccounts`
Render account linking page Simplify account linking data. Change `institution.name` to `institutionName` Update emailAlreadyLinked value. The layout checks for 'primary' and 'secondary', not a boolean, so update data passed Add error messages to Account Linking pages Rename account linking file name to reflect route change. Changed `institution` to `institutional` on the login route. GitOrigin-RevId: 4e12b9ec7c1577efbaa8c0628e3c41c70114844e 2019-08-27 16:48:00 -04:00			`}`

			`module.exports = SAMLIdentityManager`