github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-11-21 20:47:08 -05:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #15429 from overleaf/jel-token-hash-metrics

Browse source 
[web] Log mismatched link sharing token hash prefixes

GitOrigin-RevId: 5ba690f4209987fccef859c858686c465e972f62
This commit is contained in:
Jessica Lawshe 2023-10-26 08:18:05 -05:00 committed by Copybot
parent 2d552f27e2
commit 16e859e40a
2 changed files with 38 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
services/web/app/src/Features/TokenAccess/TokenAccessHandler.js
View file

@ -290,17 +290,28 @@ const TokenAccessHandler = {
checkTokenHashPrefix(token, tokenHashPrefix, type) { checkTokenHashPrefix(token, tokenHashPrefix, type) {
let hashPrefixStatus let hashPrefixStatus
if (tokenHashPrefix) {
tokenHashPrefix = tokenHashPrefix.replace('#', '')
}
if (!tokenHashPrefix) { if (!tokenHashPrefix) {
hashPrefixStatus = 'missing' hashPrefixStatus = 'missing'
} else { } else {
const hashPrefix = TokenAccessHandler.createTokenHashPrefix(token) const expectedHashPrefix = TokenAccessHandler.createTokenHashPrefix(token)
if (hashPrefix === tokenHashPrefix.replace('#', '')) { if (expectedHashPrefix === tokenHashPrefix) {
hashPrefixStatus = 'match' hashPrefixStatus = 'match'
} else { } else {
hashPrefixStatus = 'mismatch' hashPrefixStatus = 'mismatch'
} }
} }
if (hashPrefixStatus === 'mismatch') {
logger.info(
{ tokenHashPrefix, hashPrefixStatus },
'mismatched token hash prefix'
)
}
Metrics.inc('link-sharing.hash-check', { Metrics.inc('link-sharing.hash-check', {
path: type, path: type,
status: hashPrefixStatus, status: hashPrefixStatus,

28
services/web/test/unit/src/TokenAccess/TokenAccessHandlerTests.js
View file

@ -654,7 +654,11 @@ describe('TokenAccessHandler', function () {
const token = 'zxpxjrwdtsgd' const token = 'zxpxjrwdtsgd'
const prefix = this.TokenAccessHandler.createTokenHashPrefix(token) const prefix = this.TokenAccessHandler.createTokenHashPrefix(token)
this.TokenAccessHandler.checkTokenHashPrefix(token, prefix, 'readOnly') this.TokenAccessHandler.checkTokenHashPrefix(
token,
`#${prefix}`,
'readOnly'
)
expect(this.Metrics.inc).to.have.been.calledWith( expect(this.Metrics.inc).to.have.been.calledWith(
'link-sharing.hash-check', 'link-sharing.hash-check',
@ -667,10 +671,9 @@ describe('TokenAccessHandler', function () {
it('sends "mismatch" to metrics when prefix does not match the prefix of the hash of the token', function () { it('sends "mismatch" to metrics when prefix does not match the prefix of the hash of the token', function () {
const token = 'zxpxjrwdtsgd' const token = 'zxpxjrwdtsgd'
const prefix = this.TokenAccessHandler.createTokenHashPrefix(token) const prefix = this.TokenAccessHandler.createTokenHashPrefix(token)
this.TokenAccessHandler.checkTokenHashPrefix( this.TokenAccessHandler.checkTokenHashPrefix(
'anothertoken', 'anothertoken',
prefix, `#${prefix}`,
'readOnly' 'readOnly'
) )
@ -681,6 +684,10 @@ describe('TokenAccessHandler', function () {
status: 'mismatch', status: 'mismatch',
} }
) )
expect(this.logger.info).to.have.been.calledWith(
{ tokenHashPrefix: prefix, hashPrefixStatus: 'mismatch' },
'mismatched token hash prefix'
)
}) })
it('sends "missing" to metrics when prefix is undefined', function () { it('sends "missing" to metrics when prefix is undefined', function () {
this.TokenAccessHandler.checkTokenHashPrefix( this.TokenAccessHandler.checkTokenHashPrefix(
@ -689,6 +696,21 @@ describe('TokenAccessHandler', function () {
'readOnly' 'readOnly'
) )
expect(this.Metrics.inc).to.have.been.calledWith(
'link-sharing.hash-check',
{
path: 'readOnly',
status: 'missing',
}
)
})
it('sends "missing" to metrics when URL hash is sent as "#" only', function () {
this.TokenAccessHandler.checkTokenHashPrefix(
'anothertoken',
'#',
'readOnly'
)
expect(this.Metrics.inc).to.have.been.calledWith( expect(this.Metrics.inc).to.have.been.calledWith(
'link-sharing.hash-check', 'link-sharing.hash-check',
{ {