protect settings page with sudo-mode middlewear

This commit is contained in:
Shane Kilkelly 2017-05-10 10:25:32 +01:00
parent 029c96c7cc
commit 094784b6d5
2 changed files with 26 additions and 1 deletions


@ -0,0 +1,21 @@
logger = require 'logger-sharelatex'
SudoModeHandler = require './SudoModeHandler'
AuthenticationController = require '../Authentication/AuthenticationController'
module.exports = SudoModeMiddlewear =
protectPage: (req, res, next) ->
userId = AuthenticationController.getLoggedInUserId(req)
logger.log {userId}, "[SudoMode] protecting endpoint, checking if sudo mode is active"
SudoModeHandler.isSudoModeActive userId, (err, isActive) ->
if err?
logger.err {err, userId}, "[SudoMode] error checking if sudo mode is active"
return next(err)
if isActive
logger.log {userId}, "[SudoMode] sudo mode active, continuing"
return next()
else
logger.log {userId}, "[SudoMode] sudo mode not active, redirecting"
AuthenticationController._setRedirectInSession(req)
return res.redirect('/confirm-password')
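Review bot: protectPage passes whatever getLoggedInUserId(req) returns straight into SudoModeHandler.isSudoModeActive, so with no logged-in user the check runs on an undefined id and the outcome depends on how the handler treats that value; the middleware appears to rely on requireLogin() having run first, which the router section in this commit does ensure, but nothing in this file enforces it. A fail-closed guard after the userId line would make the precondition explicit, e.g. `return next(new Error('[SudoMode] protectPage called without a logged-in user')) unless userId?`. The call to AuthenticationController._setRedirectInSession reaches into an underscore-prefixed member of another module; if that helper is meant to be shared, exposing it without the prefix would keep the dependency visible. A short header comment stating that this middleware must be mounted after requireLogin() and that it redirects to /confirm-password when sudo mode is not active would help the next reader.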


@ -39,6 +39,7 @@ ReferencesController = require('./Features/References/ReferencesController')
AuthorizationMiddlewear = require('./Features/Authorization/AuthorizationMiddlewear')
BetaProgramController = require('./Features/BetaProgram/BetaProgramController')
SudoModeController = require('./Features/SudoMode/SudoModeController')
SudoModeMiddlewear = require('./Features/SudoMode/SudoModeMiddlewear')
AnalyticsRouter = require('./Features/Analytics/AnalyticsRouter')
AnnouncementsController = require("./Features/Announcements/AnnouncementsController")
@ -86,7 +87,10 @@ module.exports = class Router
webRouter.get '/user/activate', UserPagesController.activateAccountPage
AuthenticationController.addEndpointToLoginWhitelist '/user/activate'
webRouter.get '/user/settings', AuthenticationController.requireLogin(), UserPagesController.settingsPage
webRouter.get '/user/settings',
AuthenticationController.requireLogin(),
SudoModeMiddlewear.protectPage,
UserPagesController.settingsPage
webRouter.post '/user/settings', AuthenticationController.requireLogin(), UserController.updateUserSettings
webRouter.post '/user/password/update', AuthenticationController.requireLogin(), UserController.changePassword
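Review bot: Only the GET /user/settings page is wrapped with SudoModeMiddlewear.protectPage; the state-changing POST /user/settings and POST /user/password/update routes on the two lines below the changed block still run with requireLogin() alone, so the sudo-mode check gates the page render but not the update itself. If sudo mode is meant to guard the settings change rather than the page, the same middleware should sit on the POST routes, e.g. `webRouter.post '/user/settings', AuthenticationController.requireLogin(), SudoModeMiddlewear.protectPage, UserController.updateUserSettings` and likewise for the password-update route. protectPage answers with a redirect to /confirm-password, which may not be the right response for a POST or XHR caller, so a non-HTML error path for those routes would need to be considered. The enclosing Router class body continues outside this hunk, and the first hunk in this section only adds the require line.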