ProjectController = require "../Project/ProjectController"
AuthenticationController = require '../Authentication/AuthenticationController'
TokenAccessHandler = require './TokenAccessHandler'
Features = require '../../infrastructure/Features'
Errors = require '../Errors/Errors'
logger = require 'logger-sharelatex'
settings = require 'settings-sharelatex'
module.exports = TokenAccessController =
_loadEditor: (projectId, req, res, next) ->
  # Hand off to the ordinary editor route once a token has been resolved to
  # a project. ProjectController.loadEditor reads the project id from
  # req.params.Project_id, so that param is populated here; the id is
  # stringified because it may arrive as an ObjectId rather than a string.
  idParam = projectId.toString()
  req.params.Project_id = idParam
  ProjectController.loadEditor(req, res, next)
_tryHigherAccess: (token, userId, req, res, next) ->
  # Last resort for a logged-in user whose token did not grant entry on its
  # own: if they already hold a higher role on the project the token belongs
  # to, send them to the project's canonical URL instead of 404ing.
  # Both callers 404 anonymous users before reaching this helper, so userId
  # is expected to be present here.
  # NOTE(review): the raw token is written to the log on every path below.
  # It is a bearer credential; consider redacting or hashing it in logs.
  TokenAccessHandler.findProjectWithHigherAccess token, userId, (err, project) ->
    if err?
      logger.err {err, token, userId},
        "[TokenAccess] error finding project with higher access"
      return next(err)
    unless project?
      logger.log {token, userId},
        "[TokenAccess] no project with higher access found for this user and token"
      return next(new Errors.NotFoundError())
    projectId = project._id
    logger.log {token, userId, projectId},
      "[TokenAccess] user has higher access to project, redirecting"
    res.redirect(302, "/project/#{projectId}")
readAndWriteToken: (req, res, next) ->
  # Entry point for /<read_and_write_token> links. Resolves the token to a
  # project and then, depending on who is asking, loads the editor (either
  # with a session-scoped anonymous grant or after adding the logged-in user
  # as a read-and-write collaborator), redirects, or 404s.
  # NOTE(review): the token is a bearer credential that grants write access
  # and it is logged in plaintext on every branch below. Consider redacting
  # or hashing it before it reaches the log pipeline.
  userId = AuthenticationController.getLoggedInUserId(req)
  token = req.params['read_and_write_token']
  logger.log {userId, token}, "[TokenAccess] requesting read-and-write token access"
  # projectExists presumably separates "no such project" from "project exists
  # but this token does not currently grant access" -- confirm against
  # TokenAccessHandler.findProjectWithReadAndWriteToken.
  TokenAccessHandler.findProjectWithReadAndWriteToken token, (err, project, projectExists) ->
    if err?
      logger.err {err, token, userId},
        "[TokenAccess] error getting project by readAndWrite token"
      return next(err)
    if !projectExists and settings.overleaf
      # Overleaf-hosted only: an unknown token may belong to a v1 project,
      # so hand off to the v1 import / sign-in flow with this URL as the
      # return path.
      logger.log {token, userId},
        "[TokenAccess] no project found for this token"
      TokenAccessController._handleV1Project(
        token,
        userId,
        "/#{token}",
        res,
        next
      )
    else if !project?
      logger.log {token, userId},
        "[TokenAccess] no token-based project found for readAndWrite token"
      if !userId?
        # Anonymous callers get a 404 here (contrast the /restricted
        # redirect below, used only when the token did resolve).
        logger.log {token},
          "[TokenAccess] No project found with read-write token, anonymous user, deny"
        return next(new Errors.NotFoundError())
      # Logged in: they may already own or collaborate on the project.
      TokenAccessController._tryHigherAccess(token, userId, req, res, next)
    else
      if !userId?
        if TokenAccessHandler.ANONYMOUS_READ_AND_WRITE_ENABLED
          # Session-scoped grant only: no collaborator record is created.
          # grantSessionTokenAccess presumably stores the token on the
          # session; it is also stashed on this request for downstream code.
          logger.log {token, projectId: project._id},
            "[TokenAccess] allow anonymous read-and-write token access"
          TokenAccessHandler.grantSessionTokenAccess(req, project._id, token)
          req._anonymousAccessToken = token
          return TokenAccessController._loadEditor(project._id, req, res, next)
        else
          # Anonymous write access disabled: remember this URL in the
          # session so the user lands back here after logging in.
          logger.log {token, projectId: project._id},
            "[TokenAccess] deny anonymous read-and-write token access"
          AuthenticationController.setRedirectInSession(req)
          return res.redirect('/restricted')
      # Assumes getLoggedInUserId returns a string id (CoffeeScript == is
      # strict equality) -- confirm against AuthenticationController.
      if project.owner_ref.toString() == userId
        logger.log {userId, projectId: project._id},
          "[TokenAccess] user is already project owner"
        return TokenAccessController._loadEditor(project._id, req, res, next)
      # Persistent grant: following the link adds the logged-in user as a
      # read-and-write collaborator on the project.
      logger.log {userId, projectId: project._id},
        "[TokenAccess] adding user to project with readAndWrite token"
      TokenAccessHandler.addReadAndWriteUserToProject userId, project._id, (err) ->
        if err?
          logger.err {err, token, userId, projectId: project._id},
            "[TokenAccess] error adding user to project with readAndWrite token"
          return next(err)
        return TokenAccessController._loadEditor(project._id, req, res, next)
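readOnlyToken: (req, res, next) ->
  # Entry point for /read/<read_only_token> links. First asks the v1 service
  # whether the document is published elsewhere, then resolves the token to
  # a project and loads the editor (session-scoped anonymous grant, or the
  # logged-in user added as a read-only collaborator), redirects, or 404s.
  # NOTE(review): the read-only token is a bearer credential and is logged in
  # plaintext on every branch below; consider redacting or hashing it.
  userId = AuthenticationController.getLoggedInUserId(req)
  token = req.params['read_only_token']
  logger.log {userId, token}, "[TokenAccess] requesting read-only token access"
  TokenAccessHandler.getV1DocPublishedInfo token, (err, doc_published_info) ->
    return next err if err?
    # When v1 says the doc must not be served here, bounce to the path it
    # reports. NOTE(review): this redirects to a service-supplied value; it
    # is assumed to come from a trusted internal service -- confirm.
    return res.redirect doc_published_info.published_path if doc_published_info.allow == false

    TokenAccessHandler.findProjectWithReadOnlyToken token, (err, project, projectExists) ->
      if err?
        logger.err {err, token, userId},
          "[TokenAccess] error getting project by readOnly token"
        return next(err)
      if !projectExists and settings.overleaf
        # Overleaf-hosted only: an unknown token may belong to a v1 project,
        # so hand off to the v1 import / sign-in flow with this URL as the
        # return path.
        logger.log {token, userId},
          "[TokenAccess] no project found for this token"
        TokenAccessController._handleV1Project(
          token,
          userId,
          "/read/#{token}",
          res,
          next
        )
      else if !project?
        logger.log {token, userId},
          "[TokenAccess] no project found for readOnly token"
        if !userId?
          logger.log {token},
            "[TokenAccess] No project found with readOnly token, anonymous user, deny"
          return next(new Errors.NotFoundError())
        # Logged in: they may already own or collaborate on the project.
        TokenAccessController._tryHigherAccess(token, userId, req, res, next)
      else
        if !userId?
          # Anonymous read-only access is granted unconditionally (there is
          # no feature flag here, unlike the read-and-write handler). The
          # grant is session-scoped only; no collaborator record is created.
          # userId is null on this branch, so it is not logged.
          logger.log {projectId: project._id},
            "[TokenAccess] adding anonymous user to project with readOnly token"
          TokenAccessHandler.grantSessionTokenAccess(req, project._id, token)
          req._anonymousAccessToken = token
          return TokenAccessController._loadEditor(project._id, req, res, next)
        else
          # Assumes getLoggedInUserId returns a string id (CoffeeScript == is
          # strict equality) -- confirm against AuthenticationController.
          if project.owner_ref.toString() == userId
            logger.log {userId, projectId: project._id},
              "[TokenAccess] user is already project owner"
            return TokenAccessController._loadEditor(project._id, req, res, next)
          # Persistent grant: following the link adds the logged-in user as a
          # read-only collaborator on the project.
          logger.log {userId, projectId: project._id},
            "[TokenAccess] adding user to project with readOnly token"
          TokenAccessHandler.addReadOnlyUserToProject userId, project._id, (err) ->
            if err?
              # This message previously said "readAndWrite", which attributed
              # failures on the read-only path to the wrong handler in logs.
              logger.err {err, token, userId, projectId: project._id},
                "[TokenAccess] error adding user to project with readOnly token"
              return next(err)
            return TokenAccessController._loadEditor(project._id, req, res, next)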
_handleV1Project: (token, userId, redirectPath, res, next) ->
  # A token that matched no v2 project (callers only reach this under
  # settings.overleaf) may belong to a v1 project. Anonymous users are shown
  # the v2-import page or sent to the v1 sign-in; logged-in users get the v1
  # doc looked up first so an already-exported doc 404s and the import page
  # can be populated.
  # NOTE(review): redirectPath is built by the callers from the token URL
  # parameter and is interpolated into the return_to query string without
  # URL-encoding. That is only safe if the route pattern restricts the token
  # to URL-safe characters -- confirm against the router; otherwise apply
  # encodeURIComponent here.
  signInUrl = "/sign_in_to_v1?return_to=#{redirectPath}"

  unless userId?
    if Features.hasFeature('force-import-to-v2')
      return res.render('project/v2-import', { loginRedirect: redirectPath })
    return res.redirect(302, signInUrl)

  TokenAccessHandler.getV1DocInfo token, userId, (err, doc_info) ->
    return next(err) if err?
    # An already-exported doc is treated as not found (presumably it now
    # lives in v2 under a different id -- confirm).
    return next(new Errors.NotFoundError()) if doc_info.exported
    if Features.hasFeature('force-import-to-v2')
      return res.render('project/v2-import', {
        projectId: token,
        hasOwner: doc_info.has_owner,
        name: doc_info.name,
        hasAssignment: doc_info.has_assignment,
        brandInfo: doc_info.brand_info
      })
    return res.redirect(302, signInUrl)