github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-11-07 20:31:06 -05:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #15687 from overleaf/jel-token-v1-mismatch

Browse source 
[web] Test for v1 project URL fragment in link sharing hash check

GitOrigin-RevId: 10cb2efe60f4613e3a39a5199bd653376c06ad3b
This commit is contained in:
Jessica Lawshe 2023-11-16 10:17:36 -06:00 committed by Copybot
parent 7db5d761ea
commit 11ce29197b
2 changed files with 83 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
services/web/app/src/Features/TokenAccess/TokenAccessHandler.js
View file

@ -294,20 +294,34 @@ const TokenAccessHandler = {
tokenHashPrefix = tokenHashPrefix.replace('#', '').replace('%23', '')
}
const v1Format = /%2F[0-9]{7,8}%2F/
const isSuspectedV1Format = v1Format.test(tokenHashPrefix)
if (!tokenHashPrefix) {
hashPrefixStatus = 'missing'
} else {
const expectedHashPrefix = TokenAccessHandler.createTokenHashPrefix(token)
if (expectedHashPrefix === tokenHashPrefix) {
hashPrefixStatus = 'match'
} else if (isSuspectedV1Format) {
hashPrefixStatus = 'mismatch-v1-format'
} else {
hashPrefixStatus = 'mismatch'
}
}
if (hashPrefixStatus === 'mismatch') {
if (
hashPrefixStatus === 'mismatch' ||
hashPrefixStatus === 'mismatch-v1-format'
) {
logger.info(
{ tokenHashPrefix, hashPrefixStatus, userId, ...logData, type },
{
tokenHashPrefix,
hashPrefixStatus,
userId,
...logData,
type,
},
'mismatched token hash prefix'
)
}

72
services/web/test/unit/src/TokenAccess/TokenAccessHandlerTests.js
View file

@ -661,7 +661,7 @@ describe('TokenAccessHandler', function () {
`#${prefix}`,
'readOnly',
userId,
projectId
{ projectId }
)
expect(this.Metrics.inc).to.have.been.calledWith(
@ -707,7 +707,7 @@ describe('TokenAccessHandler', function () {
undefined,
'readOnly',
userId,
projectId
{ projectId }
)
expect(this.Metrics.inc).to.have.been.calledWith(
@ -724,7 +724,7 @@ describe('TokenAccessHandler', function () {
'#',
'readOnly',
userId,
projectId
{ projectId }
)
expect(this.Metrics.inc).to.have.been.calledWith(
@ -735,7 +735,7 @@ describe('TokenAccessHandler', function () {
}
)
})
it('it handles encoded hashtags', function () {
it('handles encoded hashtags', function () {
const token = 'zxpxjrwdtsgd'
const prefix = this.TokenAccessHandler.createTokenHashPrefix(token)
@ -744,7 +744,7 @@ describe('TokenAccessHandler', function () {
`%23${prefix}`,
'readOnly',
userId,
projectId
{ projectId }
)
expect(this.Metrics.inc).to.have.been.calledWith(
@ -755,5 +755,67 @@ describe('TokenAccessHandler', function () {
}
)
})
it('sends "mismatch-v1-format" for suspected v1 URLs with 7 numbers in URL fragment', function () {
const token = '4112142489ddsbkrdzhxrq'
const prefix = '%2F1234567%2F'
this.TokenAccessHandler.checkTokenHashPrefix(
token,
`#${prefix}`,
'readAndWrite',
userId,
{ projectId }
)
expect(this.Metrics.inc).to.have.been.calledWith(
'link-sharing.hash-check',
{
path: 'readAndWrite',
status: 'mismatch-v1-format',
}
)
expect(this.logger.info).to.have.been.calledWith(
{
tokenHashPrefix: prefix,
hashPrefixStatus: 'mismatch-v1-format',
userId,
projectId,
type: 'readAndWrite',
},
'mismatched token hash prefix'
)
})
it('sends "mismatch-v1-format" for suspected v1 URLs with 8 numbers in URL fragment', function () {
const token = '4112142489ddsbkrdzhxrq'
const prefix = '%2F12345678%2F'
this.TokenAccessHandler.checkTokenHashPrefix(
token,
`#${prefix}`,
'readAndWrite',
userId,
{ projectId }
)
expect(this.Metrics.inc).to.have.been.calledWith(
'link-sharing.hash-check',
{
path: 'readAndWrite',
status: 'mismatch-v1-format',
}
)
expect(this.logger.info).to.have.been.calledWith(
{
tokenHashPrefix: prefix,
hashPrefixStatus: 'mismatch-v1-format',
userId,
projectId,
type: 'readAndWrite',
},
'mismatched token hash prefix'
)
})
})
})