Merge pull request #3179 from overleaf/jel-remove-sudo-mode

Remove SudoMode

GitOrigin-RevId: 9419f9b28e5051a1c5abd29f498f72448d1afd33
This commit is contained in:
Jessica Lawshe 2020-10-06 08:49:50 -05:00 committed by Copybot
parent 79bdc60743
commit 1ca50eeb98
16 changed files with 5 additions and 1419 deletions

View file

@ -16,7 +16,6 @@ const passport = require('passport')
const NotificationsBuilder = require('../Notifications/NotificationsBuilder')
const UrlHelper = require('../Helpers/UrlHelper')
const AsyncFormHelper = require('../Helpers/AsyncFormHelper')
const SudoModeHandler = require('../SudoMode/SudoModeHandler')
const _ = require('lodash')
const {
acceptsJson
@ -103,16 +102,8 @@ const AuthenticationController = {
if (err) {
return next(err)
}
SudoModeHandler.activateSudoMode(user._id, function(err) {
if (err) {
logger.err(
{ err, user_id: user._id },
'Error activating Sudo Mode on login, continuing'
)
}
AuthenticationController._clearRedirectFromSession(req)
AsyncFormHelper.redirect(req, res, redir)
})
AuthenticationController._clearRedirectFromSession(req)
AsyncFormHelper.redirect(req, res, redir)
})
})
},

View file

@ -1,118 +0,0 @@
/* eslint-disable
max-len,
no-unused-vars,
no-use-before-define,
*/
// TODO: This file was created by bulk-decaffeinate.
// Fix any style issues and re-enable lint.
/*
* decaffeinate suggestions:
* DS102: Remove unnecessary code created because of implicit returns
* DS207: Consider shorter variations of null checks
* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
*/
let SudoModeController
const OError = require('@overleaf/o-error')
const logger = require('logger-sharelatex')
const SudoModeHandler = require('./SudoModeHandler')
const AuthenticationController = require('../Authentication/AuthenticationController')
const { ObjectId } = require('mongodb')
const UserGetter = require('../User/UserGetter')
const Settings = require('settings-sharelatex')
module.exports = SudoModeController = {
sudoModePrompt(req, res, next) {
if (req.externalAuthenticationSystemUsed() && Settings.overleaf == null) {
// TODO: maybe we should have audit logging on sudo mode, but if so, it
// probably belongs in an internal database and not stackdriver
logger.log({ userId }, '[SudoMode] using external auth, redirecting')
return res.redirect('/project')
}
var userId = AuthenticationController.getLoggedInUserId(req)
logger.log({ userId }, '[SudoMode] rendering sudo mode password page')
return SudoModeHandler.isSudoModeActive(userId, function(err, isActive) {
if (err != null) {
OError.tag(err, '[SudoMode] error checking if sudo mode is active', {
userId
})
return next(err)
}
if (isActive) {
logger.log(
{ userId },
'[SudoMode] sudo mode already active, redirecting'
)
return res.redirect('/project')
}
return res.render('sudo_mode/sudo_mode_prompt', {
title: 'confirm_password_to_continue'
})
})
},
submitPassword(req, res, next) {
const userId = AuthenticationController.getLoggedInUserId(req)
const redir =
AuthenticationController._getRedirectFromSession(req) || '/project'
const { password } = req.body
if (!password) {
logger.log(
{ userId },
'[SudoMode] no password supplied, failed authentication'
)
return next(new Error('no password supplied'))
}
logger.log({ userId, redir }, '[SudoMode] checking user password')
return UserGetter.getUser(ObjectId(userId), { email: 1 }, function(
err,
userRecord
) {
if (err != null) {
OError.tag(err, '[SudoMode] error getting user', {
userId
})
return next(err)
}
if (userRecord == null) {
err = new OError('[SudoMode] user not found', { userId })
return next(err)
}
return SudoModeHandler.authenticate(userRecord.email, password, function(
err,
user
) {
if (err != null) {
OError.tag(err, '[SudoMode] error authenticating user', {
userId
})
return next(err)
}
if (user != null) {
logger.log(
{ userId },
'[SudoMode] authenticated user, activating sudo mode'
)
return SudoModeHandler.activateSudoMode(userId, function(err) {
if (err != null) {
OError.tag(err, '[SudoMode] error activating sudo mode', {
userId
})
return next(err)
}
return res.json({
redir
})
})
} else {
logger.log({ userId }, '[SudoMode] authentication failed for user')
return res.json({
message: {
text: req.i18n.translate('invalid_password'),
type: 'error'
}
})
}
})
})
}
}

View file

@ -1,79 +0,0 @@
/* eslint-disable
handle-callback-err,
max-len,
*/
// TODO: This file was created by bulk-decaffeinate.
// Fix any style issues and re-enable lint.
/*
* decaffeinate suggestions:
* DS102: Remove unnecessary code created because of implicit returns
* DS207: Consider shorter variations of null checks
* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
*/
let SudoModeHandler
const RedisWrapper = require('../../infrastructure/RedisWrapper')
const rclient = RedisWrapper.client('sudomode')
const logger = require('logger-sharelatex')
const AuthenticationManager = require('../Authentication/AuthenticationManager')
const TIMEOUT_IN_SECONDS = 60 * 60
module.exports = SudoModeHandler = {
_buildKey(userId) {
return `SudoMode:{${userId}}`
},
authenticate(email, password, callback) {
if (callback == null) {
callback = function() {}
}
AuthenticationManager.authenticate({ email }, password, callback)
},
activateSudoMode(userId, callback) {
if (callback == null) {
callback = function(err) {}
}
if (userId == null) {
return callback(new Error('[SudoMode] user must be supplied'))
}
const duration = TIMEOUT_IN_SECONDS
logger.log({ userId, duration }, '[SudoMode] activating sudo mode for user')
return rclient.set(
SudoModeHandler._buildKey(userId),
'1',
'EX',
duration,
callback
)
},
clearSudoMode(userId, callback) {
if (callback == null) {
callback = function(err) {}
}
if (userId == null) {
return callback(new Error('[SudoMode] user must be supplied'))
}
logger.log({ userId }, '[SudoMode] clearing sudo mode for user')
return rclient.del(SudoModeHandler._buildKey(userId), callback)
},
isSudoModeActive(userId, callback) {
if (callback == null) {
callback = function(err, isActive) {}
}
if (userId == null) {
return callback(new Error('[SudoMode] user must be supplied'))
}
return rclient.get(SudoModeHandler._buildKey(userId), function(
err,
result
) {
if (err != null) {
return callback(err)
}
return callback(null, result === '1')
})
}
}

View file

@ -1,52 +0,0 @@
/* eslint-disable
max-len,
no-unused-vars,
no-use-before-define,
*/
// TODO: This file was created by bulk-decaffeinate.
// Fix any style issues and re-enable lint.
/*
* decaffeinate suggestions:
* DS102: Remove unnecessary code created because of implicit returns
* DS207: Consider shorter variations of null checks
* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
*/
let SudoModeMiddleware
const OError = require('@overleaf/o-error')
const logger = require('logger-sharelatex')
const SudoModeHandler = require('./SudoModeHandler')
const AuthenticationController = require('../Authentication/AuthenticationController')
const Settings = require('settings-sharelatex')
module.exports = SudoModeMiddleware = {
protectPage(req, res, next) {
if (req.externalAuthenticationSystemUsed() && Settings.overleaf == null) {
logger.log(
{ userId },
'[SudoMode] using external auth, skipping sudo-mode check'
)
return next()
}
var userId = AuthenticationController.getLoggedInUserId(req)
logger.log(
{ userId },
'[SudoMode] protecting endpoint, checking if sudo mode is active'
)
return SudoModeHandler.isSudoModeActive(userId, function(err, isActive) {
if (err != null) {
OError.tag(err, '[SudoMode] error checking if sudo mode is active', {
userId
})
return next(err)
}
if (isActive) {
logger.log({ userId }, '[SudoMode] sudo mode active, continuing')
return next()
} else {
logger.log({ userId }, '[SudoMode] sudo mode not active, redirecting')
AuthenticationController.setRedirectInSession(req)
return res.redirect('/confirm-password')
}
})
}
}

View file

@ -12,7 +12,6 @@ const Features = require('../../infrastructure/Features')
const UserAuditLogHandler = require('./UserAuditLogHandler')
const UserSessionsManager = require('./UserSessionsManager')
const UserUpdater = require('./UserUpdater')
const SudoModeHandler = require('../SudoMode/SudoModeHandler')
const Errors = require('../Errors/Errors')
const HttpErrorHandler = require('../Errors/HttpErrorHandler')
const OError = require('@overleaf/o-error')
@ -420,7 +419,6 @@ const UserController = {
}
if (user != null) {
UserSessionsManager.untrackSession(user, sessionId)
SudoModeHandler.clearSudoMode(user._id)
}
cb()
})

View file

@ -40,8 +40,6 @@ const ContactRouter = require('./Features/Contacts/ContactRouter')
const ReferencesController = require('./Features/References/ReferencesController')
const AuthorizationMiddleware = require('./Features/Authorization/AuthorizationMiddleware')
const BetaProgramController = require('./Features/BetaProgram/BetaProgramController')
const SudoModeController = require('./Features/SudoMode/SudoModeController')
const SudoModeMiddleware = require('./Features/SudoMode/SudoModeMiddleware')
const AnalyticsRouter = require('./Features/Analytics/AnalyticsRouter')
const MetaController = require('./Features/Metadata/MetaController')
const TokenAccessController = require('./Features/TokenAccess/TokenAccessController')
@ -113,7 +111,6 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
webRouter.get(
'/user/settings',
AuthenticationController.requireLogin(),
SudoModeMiddleware.protectPage,
UserPagesController.settingsPage
)
webRouter.post(
@ -199,7 +196,6 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
webRouter.get(
'/user/sessions',
AuthenticationController.requireLogin(),
SudoModeMiddleware.protectPage,
UserPagesController.sessionsPage
)
webRouter.post(
@ -860,21 +856,6 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
AuthenticationController.requireLogin(),
BetaProgramController.optOut
)
webRouter.get(
'/confirm-password',
AuthenticationController.requireLogin(),
SudoModeController.sudoModePrompt
)
webRouter.post(
'/confirm-password',
AuthenticationController.requireLogin(),
RateLimiterMiddleware.rateLimit({
endpointName: 'confirm-password',
maxRequests: 10,
timeInterval: 60
}),
SudoModeController.submitPassword
)
// New "api" endpoints. Started as a way for v1 to call over to v2 (for
// long-term features, as opposed to the nominally temporary ones in the

View file

@ -1,48 +0,0 @@
extends ../layout
block content
.content.content-alt
.container
.row
.col-md-8.col-md-offset-2.col-lg-6.col-lg-offset-3
.card
.page-header.text-centered
h2 #{translate('confirm_password_to_continue')}
div
.container-fluid
.row
.col-md-12
form(async-form="confirmPassword", name="confirmPassword",
action='/confirm-password', method="POST", ng-cloak)
input(name='_csrf', type='hidden', value=csrfToken)
form-messages(for="confirmPassword")
.form-group
label
| #{translate('password')}
input.form-control(
type='password',
name='password',
required,
placeholder='********',
ng-model="password"
)
span.small.text-primary(
ng-show="confirmPassword.password.$invalid && confirmPassword.password.$dirty"
)
| #{translate("required")}
.actions
button.btn-primary.btn(
style="width: 100%",
type='submit',
ng-disabled="confirmPassword.inflight"
)
span #{translate("confirm")}
.row.row-spaced-small
.col-md-12
p.text-centered
small
| #{translate('confirm_password_footer')}
p.text-centered
small #[a(href='/user/password/reset' target="_blank") Set or reset password]

View file

@ -17,8 +17,7 @@ describe('Deleting a user', function() {
async.series(
[
this.user.ensureUserExists.bind(this.user),
this.user.login.bind(this.user),
this.user.activateSudoMode.bind(this.user)
this.user.login.bind(this.user)
],
done
)

View file

@ -325,13 +325,7 @@ describe('Sessions', function() {
this.user3 = new User()
this.user3.email = this.user1.email
this.user3.password = this.user1.password
async.series(
[
this.user2.login.bind(this.user2),
this.user2.activateSudoMode.bind(this.user2)
],
done
)
async.series([this.user2.login.bind(this.user2)], done)
})
it('should allow the user to erase the other two sessions', function(done) {
@ -385,26 +379,6 @@ describe('Sessions', function() {
})
},
// enter sudo-mode
next => {
this.user2.getCsrfToken(err => {
expect(err).to.be.oneOf([null, undefined])
this.user2.request.post(
{
uri: '/confirm-password',
json: {
password: this.user2.password
}
},
(err, response, body) => {
expect(err).to.be.oneOf([null, undefined])
expect(response.statusCode).to.equal(200)
next()
}
)
})
},
// check the sessions page
next => {
this.user2.request.get(

View file

@ -34,8 +34,7 @@ describe('SettingsPage', function() {
cb => {
MockV1Api.setUser(this.v1Id, this.v1User)
return cb()
},
this.user.activateSudoMode.bind(this.user)
}
],
done
)

View file

@ -573,23 +573,6 @@ class User {
})
}
activateSudoMode(callback) {
this.getCsrfToken(error => {
if (error != null) {
return callback(error)
}
this.request.post(
{
uri: '/confirm-password',
json: {
password: this.password
}
},
callback
)
})
}
updateSettings(newSettings, callback) {
this.getCsrfToken(error => {
if (error != null) {

View file

@ -67,9 +67,6 @@ describe('AuthenticationController', function() {
'../../infrastructure/Modules': (this.Modules = {
hooks: { fire: sinon.stub().yields(null, []) }
}),
'../SudoMode/SudoModeHandler': (this.SudoModeHandler = {
activateSudoMode: sinon.stub().callsArgWith(1, null)
}),
'../Notifications/NotificationsBuilder': (this.NotificationsBuilder = {
ipMatcherAffiliation: sinon.stub()
}),

View file

@ -1,457 +0,0 @@
/* eslint-disable
max-len,
no-return-assign,
no-unused-vars,
*/
// TODO: This file was created by bulk-decaffeinate.
// Fix any style issues and re-enable lint.
/*
* decaffeinate suggestions:
* DS102: Remove unnecessary code created because of implicit returns
* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
*/
const SandboxedModule = require('sandboxed-module')
const sinon = require('sinon')
const should = require('chai').should()
const { expect } = require('chai')
const MockRequest = require('../helpers/MockRequest')
const MockResponse = require('../helpers/MockResponse')
const modulePath = '../../../../app/src/Features/SudoMode/SudoModeController'
describe('SudoModeController', function() {
beforeEach(function() {
this.user = {
_id: 'abcd',
email: 'user@example.com'
}
this.UserGetter = { getUser: sinon.stub().callsArgWith(2, null, this.user) }
this.SudoModeHandler = {
authenticate: sinon.stub(),
isSudoModeActive: sinon.stub(),
activateSudoMode: sinon.stub()
}
this.AuthenticationController = {
getLoggedInUserId: sinon.stub().returns(this.user._id),
_getRediretFromSession: sinon.stub()
}
this.UserGetter = { getUser: sinon.stub() }
return (this.SudoModeController = SandboxedModule.require(modulePath, {
globals: {
console: console
},
requires: {
'logger-sharelatex': {
log: sinon.stub(),
warn: sinon.stub(),
err: sinon.stub()
},
'./SudoModeHandler': this.SudoModeHandler,
'../Authentication/AuthenticationController': this
.AuthenticationController,
mongodb: {
ObjectId() {
return 'some_object_id'
}
},
'../User/UserGetter': this.UserGetter,
'settings-sharelatex': (this.Settings = {})
}
}))
})
describe('sudoModePrompt', function() {
beforeEach(function() {
this.SudoModeHandler.isSudoModeActive = sinon
.stub()
.callsArgWith(1, null, false)
this.req = {
externalAuthenticationSystemUsed: sinon.stub().returns(false)
}
this.res = { redirect: sinon.stub(), render: sinon.stub() }
return (this.next = sinon.stub())
})
it('should get the logged in user id', function() {
this.SudoModeController.sudoModePrompt(this.req, this.res, this.next)
this.AuthenticationController.getLoggedInUserId.callCount.should.equal(1)
return this.AuthenticationController.getLoggedInUserId
.calledWith(this.req)
.should.equal(true)
})
it('should check if sudo-mode is active', function() {
this.SudoModeController.sudoModePrompt(this.req, this.res, this.next)
this.SudoModeHandler.isSudoModeActive.callCount.should.equal(1)
return this.SudoModeHandler.isSudoModeActive
.calledWith(this.user._id)
.should.equal(true)
})
it('should redirect when sudo-mode is active', function() {
this.SudoModeHandler.isSudoModeActive = sinon
.stub()
.callsArgWith(1, null, true)
this.SudoModeController.sudoModePrompt(this.req, this.res, this.next)
this.res.redirect.callCount.should.equal(1)
return this.res.redirect.calledWith('/project').should.equal(true)
})
it('should render the sudo_mode_prompt page when sudo mode is not active', function() {
this.SudoModeHandler.isSudoModeActive = sinon
.stub()
.callsArgWith(1, null, false)
this.SudoModeController.sudoModePrompt(this.req, this.res, this.next)
this.res.render.callCount.should.equal(1)
return this.res.render
.calledWith('sudo_mode/sudo_mode_prompt')
.should.equal(true)
})
describe('when isSudoModeActive produces an error', function() {
beforeEach(function() {
this.SudoModeHandler.isSudoModeActive = sinon
.stub()
.callsArgWith(1, new Error('woops'))
return (this.next = sinon.stub())
})
it('should call next with an error', function() {
this.SudoModeController.sudoModePrompt(this.req, this.res, this.next)
this.next.callCount.should.equal(1)
return expect(this.next.lastCall.args[0]).to.be.instanceof(Error)
})
it('should not render page', function() {
this.SudoModeController.sudoModePrompt(this.req, this.res, this.next)
return this.res.render.callCount.should.equal(0)
})
})
describe('when external auth system is used', function() {
beforeEach(function() {
return (this.req.externalAuthenticationSystemUsed = sinon
.stub()
.returns(true))
})
it('should redirect', function() {
this.SudoModeController.sudoModePrompt(this.req, this.res, this.next)
this.res.redirect.callCount.should.equal(1)
return this.res.redirect.calledWith('/project').should.equal(true)
})
it('should not check if sudo mode is active', function() {
this.SudoModeController.sudoModePrompt(this.req, this.res, this.next)
return this.SudoModeHandler.isSudoModeActive.callCount.should.equal(0)
})
it('should not render page', function() {
this.SudoModeController.sudoModePrompt(this.req, this.res, this.next)
return this.res.render.callCount.should.equal(0)
})
})
})
describe('submitPassword', function() {
beforeEach(function() {
this.AuthenticationController._getRedirectFromSession = sinon
.stub()
.returns('/somewhere')
this.UserGetter.getUser = sinon.stub().callsArgWith(2, null, this.user)
this.SudoModeHandler.authenticate = sinon
.stub()
.callsArgWith(2, null, this.user)
this.SudoModeHandler.activateSudoMode = sinon.stub().callsArgWith(1, null)
this.password = 'a_terrible_secret'
this.req = { body: { password: this.password } }
this.res = { json: sinon.stub() }
return (this.next = sinon.stub())
})
describe('when all goes well', function() {
beforeEach(function() {})
it('should get the logged in user id', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.AuthenticationController.getLoggedInUserId.callCount.should.equal(
1
)
return this.AuthenticationController.getLoggedInUserId
.calledWith(this.req)
.should.equal(true)
})
it('should get redirect from session', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.AuthenticationController._getRedirectFromSession.callCount.should.equal(
1
)
return this.AuthenticationController._getRedirectFromSession
.calledWith(this.req)
.should.equal(true)
})
it('should get the user from storage', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.UserGetter.getUser.callCount.should.equal(1)
return this.UserGetter.getUser
.calledWith('some_object_id', { email: 1 })
.should.equal(true)
})
it('should try to authenticate the user with the password', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.SudoModeHandler.authenticate.callCount.should.equal(1)
return this.SudoModeHandler.authenticate
.calledWith(this.user.email, this.password)
.should.equal(true)
})
it('should activate sudo mode', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.SudoModeHandler.activateSudoMode.callCount.should.equal(1)
return this.SudoModeHandler.activateSudoMode
.calledWith(this.user._id)
.should.equal(true)
})
it('should send back a json response', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.res.json.callCount.should.equal(1)
return this.res.json
.calledWith({ redir: '/somewhere' })
.should.equal(true)
})
it('should not call next', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
return this.next.callCount.should.equal(0)
})
describe('when no password is supplied', function() {
beforeEach(function() {
this.req.body.password = ''
return (this.next = sinon.stub())
})
it('should return next with an error', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.next.callCount.should.equal(1)
return expect(this.next.lastCall.args[0]).to.be.instanceof(Error)
})
it('should not get the user from storage', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
return this.UserGetter.getUser.callCount.should.equal(0)
})
it('should not try to authenticate the user with the password', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
return this.SudoModeHandler.authenticate.callCount.should.equal(0)
})
it('should not activate sudo mode', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
return this.SudoModeHandler.activateSudoMode.callCount.should.equal(0)
})
it('should not send back a json response', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
return this.res.json.callCount.should.equal(0)
})
})
describe('when getUser produces an error', function() {
beforeEach(function() {
this.UserGetter.getUser = sinon
.stub()
.callsArgWith(2, new Error('woops'))
return (this.next = sinon.stub())
})
it('should return next with an error', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.next.callCount.should.equal(1)
return expect(this.next.lastCall.args[0]).to.be.instanceof(Error)
})
it('should get the user from storage', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.UserGetter.getUser.callCount.should.equal(1)
return this.UserGetter.getUser
.calledWith('some_object_id', { email: 1 })
.should.equal(true)
})
it('should not try to authenticate the user with the password', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
return this.SudoModeHandler.authenticate.callCount.should.equal(0)
})
it('should not activate sudo mode', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
return this.SudoModeHandler.activateSudoMode.callCount.should.equal(0)
})
it('should not send back a json response', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
return this.res.json.callCount.should.equal(0)
})
})
describe('when getUser does not find a user', function() {
beforeEach(function() {
this.UserGetter.getUser = sinon.stub().callsArgWith(2, null, null)
return (this.next = sinon.stub())
})
it('should return next with an error', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.next.callCount.should.equal(1)
return expect(this.next.lastCall.args[0]).to.be.instanceof(Error)
})
it('should get the user from storage', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.UserGetter.getUser.callCount.should.equal(1)
return this.UserGetter.getUser
.calledWith('some_object_id', { email: 1 })
.should.equal(true)
})
it('should not try to authenticate the user with the password', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
return this.SudoModeHandler.authenticate.callCount.should.equal(0)
})
it('should not activate sudo mode', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
return this.SudoModeHandler.activateSudoMode.callCount.should.equal(0)
})
it('should not send back a json response', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
return this.res.json.callCount.should.equal(0)
})
})
describe('when authentication fails', function() {
beforeEach(function() {
this.SudoModeHandler.authenticate = sinon
.stub()
.callsArgWith(2, null, null)
this.res.json = sinon.stub()
return (this.req.i18n = { translate: sinon.stub() })
})
it('should send back a failure message', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.res.json.callCount.should.equal(1)
expect(this.res.json.lastCall.args[0]).to.have.keys(['message'])
expect(this.res.json.lastCall.args[0].message).to.have.keys([
'text',
'type'
])
this.req.i18n.translate.callCount.should.equal(1)
return this.req.i18n.translate.calledWith('invalid_password')
})
it('should get the user from storage', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.UserGetter.getUser.callCount.should.equal(1)
return this.UserGetter.getUser
.calledWith('some_object_id', { email: 1 })
.should.equal(true)
})
it('should try to authenticate the user with the password', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.SudoModeHandler.authenticate.callCount.should.equal(1)
return this.SudoModeHandler.authenticate
.calledWith(this.user.email, this.password)
.should.equal(true)
})
it('should not activate sudo mode', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
return this.SudoModeHandler.activateSudoMode.callCount.should.equal(0)
})
})
describe('when authentication produces an error', function() {
beforeEach(function() {
this.SudoModeHandler.authenticate = sinon
.stub()
.callsArgWith(2, new Error('woops'))
return (this.next = sinon.stub())
})
it('should return next with an error', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.next.callCount.should.equal(1)
return expect(this.next.lastCall.args[0]).to.be.instanceof(Error)
})
it('should get the user from storage', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.UserGetter.getUser.callCount.should.equal(1)
return this.UserGetter.getUser
.calledWith('some_object_id', { email: 1 })
.should.equal(true)
})
it('should try to authenticate the user with the password', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.SudoModeHandler.authenticate.callCount.should.equal(1)
return this.SudoModeHandler.authenticate
.calledWith(this.user.email, this.password)
.should.equal(true)
})
it('should not activate sudo mode', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
return this.SudoModeHandler.activateSudoMode.callCount.should.equal(0)
})
})
describe('when sudo mode activation produces an error', function() {
beforeEach(function() {
this.SudoModeHandler.activateSudoMode = sinon
.stub()
.callsArgWith(1, new Error('woops'))
return (this.next = sinon.stub())
})
it('should return next with an error', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.next.callCount.should.equal(1)
return expect(this.next.lastCall.args[0]).to.be.instanceof(Error)
})
it('should get the user from storage', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.UserGetter.getUser.callCount.should.equal(1)
return this.UserGetter.getUser
.calledWith('some_object_id', { email: 1 })
.should.equal(true)
})
it('should try to authenticate the user with the password', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.SudoModeHandler.authenticate.callCount.should.equal(1)
return this.SudoModeHandler.authenticate
.calledWith(this.user.email, this.password)
.should.equal(true)
})
it('should have tried to activate sudo mode', function() {
this.SudoModeController.submitPassword(this.req, this.res, this.next)
this.SudoModeHandler.activateSudoMode.callCount.should.equal(1)
return this.SudoModeHandler.activateSudoMode
.calledWith(this.user._id)
.should.equal(true)
})
})
})
})
})

View file

@ -1,329 +0,0 @@
/* eslint-disable
handle-callback-err,
max-len,
no-return-assign,
no-unused-vars,
*/
// TODO: This file was created by bulk-decaffeinate.
// Fix any style issues and re-enable lint.
/*
* decaffeinate suggestions:
* DS102: Remove unnecessary code created because of implicit returns
* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
*/
const SandboxedModule = require('sandboxed-module')
const assert = require('assert')
require('chai').should()
const { expect } = require('chai')
const sinon = require('sinon')
const modulePath = require('path').join(
__dirname,
'../../../../app/src/Features/SudoMode/SudoModeHandler'
)
describe('SudoModeHandler', function() {
beforeEach(function() {
this.userId = 'some_user_id'
this.email = 'someuser@example.com'
this.user = {
_id: this.userId,
email: this.email
}
this.rclient = { get: sinon.stub(), set: sinon.stub(), del: sinon.stub() }
this.RedisWrapper = { client: () => this.rclient }
return (this.SudoModeHandler = SandboxedModule.require(modulePath, {
globals: {
console: console
},
requires: {
'../../infrastructure/RedisWrapper': this.RedisWrapper,
'logger-sharelatex': (this.logger = {
log: sinon.stub(),
err: sinon.stub()
}),
'../Authentication/AuthenticationManager': (this.AuthenticationManager = {}),
'settings-sharelatex': (this.Settings = {}),
'../V1/V1Handler': (this.V1Handler = { authWithV1: sinon.stub() }),
'../User/UserGetter': (this.UserGetter = { getUser: sinon.stub() })
}
}))
})
describe('_buildKey', function() {
it('should build a properly formed key', function() {
return expect(this.SudoModeHandler._buildKey('123')).to.equal(
'SudoMode:{123}'
)
})
})
describe('activateSudoMode', function() {
beforeEach(function() {
return (this.call = cb => {
return this.SudoModeHandler.activateSudoMode(this.userId, cb)
})
})
describe('when all goes well', function() {
beforeEach(function() {
return (this.rclient.set = sinon.stub().callsArgWith(4, null))
})
it('should not produce an error', function(done) {
return this.call(err => {
expect(err).to.equal(null)
return done()
})
})
it('should set a value in redis', function(done) {
return this.call(err => {
expect(this.rclient.set.callCount).to.equal(1)
expect(
this.rclient.set.calledWith(
'SudoMode:{some_user_id}',
'1',
'EX',
60 * 60
)
).to.equal(true)
return done()
})
})
})
describe('when user id is not supplied', function() {
beforeEach(function() {
return (this.call = cb => {
return this.SudoModeHandler.activateSudoMode(null, cb)
})
})
it('should produce an error', function(done) {
return this.call(err => {
expect(err).to.not.equal(null)
expect(err).to.be.instanceof(Error)
return done()
})
})
it('should not set value in redis', function(done) {
return this.call(err => {
expect(this.rclient.set.callCount).to.equal(0)
return done()
})
})
})
describe('when rclient.set produces an error', function() {
beforeEach(function() {
return (this.rclient.set = sinon
.stub()
.callsArgWith(4, new Error('woops')))
})
it('should produce an error', function(done) {
return this.call(err => {
expect(err).to.not.equal(null)
expect(err).to.be.instanceof(Error)
return done()
})
})
})
})
describe('clearSudoMode', function() {
beforeEach(function() {
this.rclient.del = sinon.stub().callsArgWith(1, null)
return (this.call = cb => {
return this.SudoModeHandler.clearSudoMode(this.userId, cb)
})
})
it('should not produce an error', function(done) {
return this.call(err => {
expect(err).to.equal(null)
return done()
})
})
it('should delete key from redis', function(done) {
return this.call(err => {
expect(this.rclient.del.callCount).to.equal(1)
expect(this.rclient.del.calledWith('SudoMode:{some_user_id}')).to.equal(
true
)
return done()
})
})
describe('when rclient.del produces an error', function() {
beforeEach(function() {
return (this.rclient.del = sinon
.stub()
.callsArgWith(1, new Error('woops')))
})
it('should produce an error', function(done) {
return this.call(err => {
expect(err).to.not.equal(null)
expect(err).to.be.instanceof(Error)
return done()
})
})
})
describe('when user id is not supplied', function() {
beforeEach(function() {
return (this.call = cb => {
return this.SudoModeHandler.clearSudoMode(null, cb)
})
})
it('should produce an error', function(done) {
return this.call(err => {
expect(err).to.not.equal(null)
expect(err).to.be.instanceof(Error)
return done()
})
})
it('should not delete value in redis', function(done) {
return this.call(err => {
expect(this.rclient.del.callCount).to.equal(0)
return done()
})
})
})
})
describe('authenticate', function() {
beforeEach(function() {
return (this.AuthenticationManager.authenticate = sinon
.stub()
.callsArgWith(2, null, this.user))
})
it('should call AuthenticationManager.authenticate', function(done) {
return this.SudoModeHandler.authenticate(
this.email,
'password',
(err, user) => {
expect(err).to.not.exist
expect(user).to.exist
expect(user).to.deep.equal(this.user)
expect(this.AuthenticationManager.authenticate.callCount).to.equal(1)
return done()
}
)
})
})
describe('isSudoModeActive', function() {
beforeEach(function() {
return (this.call = cb => {
return this.SudoModeHandler.isSudoModeActive(this.userId, cb)
})
})
describe('when sudo-mode is active for that user', function() {
beforeEach(function() {
return (this.rclient.get = sinon.stub().callsArgWith(1, null, '1'))
})
it('should not produce an error', function(done) {
return this.call((err, isActive) => {
expect(err).to.equal(null)
return done()
})
})
it('should get the value from redis', function(done) {
return this.call((err, isActive) => {
expect(this.rclient.get.callCount).to.equal(1)
expect(
this.rclient.get.calledWith('SudoMode:{some_user_id}')
).to.equal(true)
return done()
})
})
it('should produce a true result', function(done) {
return this.call((err, isActive) => {
expect(isActive).to.equal(true)
return done()
})
})
})
describe('when sudo-mode is not active for that user', function() {
beforeEach(function() {
return (this.rclient.get = sinon.stub().callsArgWith(1, null, null))
})
it('should not produce an error', function(done) {
return this.call((err, isActive) => {
expect(err).to.equal(null)
return done()
})
})
it('should get the value from redis', function(done) {
return this.call((err, isActive) => {
expect(this.rclient.get.callCount).to.equal(1)
expect(
this.rclient.get.calledWith('SudoMode:{some_user_id}')
).to.equal(true)
return done()
})
})
it('should produce a false result', function(done) {
return this.call((err, isActive) => {
expect(isActive).to.equal(false)
return done()
})
})
})
describe('when rclient.get produces an error', function() {
beforeEach(function() {
return (this.rclient.get = sinon
.stub()
.callsArgWith(1, new Error('woops')))
})
it('should produce an error', function(done) {
return this.call((err, isActive) => {
expect(err).to.not.equal(null)
expect(err).to.be.instanceof(Error)
expect(isActive).to.be.oneOf([null, undefined])
return done()
})
})
})
describe('when user id is not supplied', function() {
beforeEach(function() {
return (this.call = cb => {
return this.SudoModeHandler.isSudoModeActive(null, cb)
})
})
it('should produce an error', function(done) {
return this.call(err => {
expect(err).to.not.equal(null)
expect(err).to.be.instanceof(Error)
return done()
})
})
it('should not get value in redis', function(done) {
return this.call(err => {
expect(this.rclient.get.callCount).to.equal(0)
return done()
})
})
})
})
})

View file

@ -1,233 +0,0 @@
/* eslint-disable
max-len,
no-return-assign,
no-unused-vars,
*/
// TODO: This file was created by bulk-decaffeinate.
// Fix any style issues and re-enable lint.
/*
* decaffeinate suggestions:
* DS102: Remove unnecessary code created because of implicit returns
* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
*/
const SandboxedModule = require('sandboxed-module')
const assert = require('assert')
require('chai').should()
const { expect } = require('chai')
const sinon = require('sinon')
const modulePath = require('path').join(
__dirname,
'../../../../app/src/Features/SudoMode/SudoModeMiddleware'
)
describe('SudoModeMiddleware', function() {
beforeEach(function() {
this.userId = 'some_user_id'
this.SudoModeHandler = { isSudoModeActive: sinon.stub() }
this.AuthenticationController = {
getLoggedInUserId: sinon.stub().returns(this.userId),
setRedirectInSession: sinon.stub()
}
return (this.SudoModeMiddleware = SandboxedModule.require(modulePath, {
globals: {
console: console
},
requires: {
'./SudoModeHandler': this.SudoModeHandler,
'../Authentication/AuthenticationController': this
.AuthenticationController,
'logger-sharelatex': {
log: sinon.stub(),
warn: sinon.stub(),
err: sinon.stub()
},
'settings-sharelatex': (this.Settings = {})
}
}))
})
describe('protectPage', function() {
beforeEach(function() {
this.externalAuth = false
return (this.call = cb => {
this.req = {
externalAuthenticationSystemUsed: sinon
.stub()
.returns(this.externalAuth)
}
this.res = { redirect: sinon.stub() }
this.next = sinon.stub()
this.SudoModeMiddleware.protectPage(this.req, this.res, this.next)
return cb()
})
})
describe('when sudo mode is active', function() {
beforeEach(function() {
this.AuthenticationController.getLoggedInUserId = sinon
.stub()
.returns(this.userId)
return (this.SudoModeHandler.isSudoModeActive = sinon
.stub()
.callsArgWith(1, null, true))
})
it('should get the current user id', function(done) {
return this.call(() => {
this.AuthenticationController.getLoggedInUserId.callCount.should.equal(
1
)
return done()
})
})
it('should check if sudo-mode is active', function(done) {
return this.call(() => {
this.SudoModeHandler.isSudoModeActive.callCount.should.equal(1)
this.SudoModeHandler.isSudoModeActive
.calledWith(this.userId)
.should.equal(true)
return done()
})
})
it('should call next', function(done) {
return this.call(() => {
this.next.callCount.should.equal(1)
expect(this.next.lastCall.args[0]).to.equal(undefined)
return done()
})
})
})
describe('when sudo mode is not active', function() {
beforeEach(function() {
this.AuthenticationController.setRedirectInSession = sinon.stub()
this.AuthenticationController.getLoggedInUserId = sinon
.stub()
.returns(this.userId)
return (this.SudoModeHandler.isSudoModeActive = sinon
.stub()
.callsArgWith(1, null, false))
})
it('should get the current user id', function(done) {
return this.call(() => {
this.AuthenticationController.getLoggedInUserId.callCount.should.equal(
1
)
return done()
})
})
it('should check if sudo-mode is active', function(done) {
return this.call(() => {
this.SudoModeHandler.isSudoModeActive.callCount.should.equal(1)
this.SudoModeHandler.isSudoModeActive
.calledWith(this.userId)
.should.equal(true)
return done()
})
})
it('should set redirect in session', function(done) {
return this.call(() => {
this.AuthenticationController.setRedirectInSession.callCount.should.equal(
1
)
this.AuthenticationController.setRedirectInSession
.calledWith(this.req)
.should.equal(true)
return done()
})
})
it('should redirect to the password-prompt page', function(done) {
return this.call(() => {
this.res.redirect.callCount.should.equal(1)
this.res.redirect.calledWith('/confirm-password').should.equal(true)
return done()
})
})
})
describe('when isSudoModeActive produces an error', function() {
beforeEach(function() {
this.AuthenticationController.getLoggedInUserId = sinon
.stub()
.returns(this.userId)
return (this.SudoModeHandler.isSudoModeActive = sinon
.stub()
.callsArgWith(1, new Error('woops')))
})
it('should get the current user id', function(done) {
return this.call(() => {
this.AuthenticationController.getLoggedInUserId.callCount.should.equal(
1
)
return done()
})
})
it('should check if sudo-mode is active', function(done) {
return this.call(() => {
this.SudoModeHandler.isSudoModeActive.callCount.should.equal(1)
this.SudoModeHandler.isSudoModeActive
.calledWith(this.userId)
.should.equal(true)
return done()
})
})
it('should call next with an error', function(done) {
return this.call(() => {
this.next.callCount.should.equal(1)
expect(this.next.lastCall.args[0]).to.be.instanceof(Error)
return done()
})
})
})
describe('when external auth is being used', function() {
beforeEach(function() {
this.externalAuth = true
return (this.call = cb => {
this.req = {
externalAuthenticationSystemUsed: sinon
.stub()
.returns(this.externalAuth)
}
this.res = { redirect: sinon.stub() }
this.next = sinon.stub()
this.SudoModeMiddleware.protectPage(this.req, this.res, this.next)
return cb()
})
})
it('should immediately return next with no args', function(done) {
return this.call(() => {
this.next.callCount.should.equal(1)
expect(this.next.lastCall.args[0]).to.not.exist
return done()
})
})
it('should not get the current user id', function(done) {
return this.call(() => {
this.AuthenticationController.getLoggedInUserId.callCount.should.equal(
0
)
return done()
})
})
it('should not check if sudo-mode is active', function(done) {
return this.call(() => {
this.SudoModeHandler.isSudoModeActive.callCount.should.equal(0)
return done()
})
})
})
})
})

View file

@ -77,7 +77,6 @@ describe('UserController', function() {
revokeAllUserSessions: sinon.stub().resolves()
}
}
this.SudoModeHandler = { clearSudoMode: sinon.stub() }
this.HttpErrorHandler = {
badRequest: sinon.stub(),
conflict: sinon.stub(),
@ -113,7 +112,6 @@ describe('UserController', function() {
}),
'./UserHandler': this.UserHandler,
'./UserSessionsManager': this.UserSessionsManager,
'../SudoMode/SudoModeHandler': this.SudoModeHandler,
'../Errors/HttpErrorHandler': this.HttpErrorHandler,
'settings-sharelatex': this.settings,
'logger-sharelatex': (this.logger = {
@ -495,24 +493,8 @@ describe('UserController', function() {
this.UserController.logout(this.req, this.res)
})
it('should clear sudo-mode', function(done) {
this.req.session.destroy = sinon.stub().callsArgWith(0)
this.SudoModeHandler.clearSudoMode = sinon.stub()
this.res.redirect = url => {
url.should.equal('/login')
this.SudoModeHandler.clearSudoMode.callCount.should.equal(1)
this.SudoModeHandler.clearSudoMode
.calledWith(this.user._id)
.should.equal(true)
done()
}
this.UserController.logout(this.req, this.res)
})
it('should untrack session', function(done) {
this.req.session.destroy = sinon.stub().callsArgWith(0)
this.SudoModeHandler.clearSudoMode = sinon.stub()
this.res.redirect = url => {
url.should.equal('/login')
this.UserSessionsManager.untrackSession.callCount.should.equal(1)
@ -528,7 +510,6 @@ describe('UserController', function() {
it('should redirect after logout', function(done) {
this.req.body.redirect = '/institutional-login'
this.req.session.destroy = sinon.stub().callsArgWith(0)
this.SudoModeHandler.clearSudoMode = sinon.stub()
this.res.redirect = url => {
url.should.equal(this.req.body.redirect)
done()
@ -538,7 +519,6 @@ describe('UserController', function() {
it('should redirect to login after logout when no redirect set', function(done) {
this.req.session.destroy = sinon.stub().callsArgWith(0)
this.SudoModeHandler.clearSudoMode = sinon.stub()
this.res.redirect = url => {
url.should.equal('/login')
done()