Merge pull request #2750 from overleaf/ta-activate-finish-login
Don't Bypass FinishLogin on Password Reset GitOrigin-RevId: 92567c893afb4aa64fa045151678d33c877d8f71
parent
12793d8139
commit
1dc325d1c7
4 changed files with 28 additions and 39 deletions
|
@ -94,31 +94,22 @@ module.exports = {
|
||||||
if (err != null) {
|
if (err != null) {
|
||||||
return next(err)
|
return next(err)
|
||||||
}
|
}
|
||||||
if (!req.body.login_after) {
|
if (!req.session.doLoginAfterPasswordReset) {
|
||||||
return res.sendStatus(200)
|
return res.sendStatus(200)
|
||||||
}
|
}
|
||||||
UserGetter.getUser(userId, { email: 1 }, (err, user) => {
|
UserGetter.getUser(userId, (err, user) => {
|
||||||
if (err != null) {
|
if (err != null) {
|
||||||
return next(err)
|
return next(err)
|
||||||
}
|
}
|
||||||
AuthenticationController.afterLoginSessionSetup(
|
AuthenticationController.finishLogin(user, req, res, err => {
|
||||||
req,
|
|
||||||
user,
|
|
||||||
err => {
|
|
||||||
if (err != null) {
|
if (err != null) {
|
||||||
logger.err(
|
logger.err(
|
||||||
{ err, email: user.email },
|
{ err, email: user.email },
|
||||||
'Error setting up session after setting password'
|
'Error setting up session after setting password'
|
||||||
)
|
)
|
||||||
return next(err)
|
|
||||||
}
|
}
|
||||||
res.json({
|
next(err)
|
||||||
redir:
|
|
||||||
AuthenticationController._getRedirectFromSession(req) ||
|
|
||||||
'/project'
|
|
||||||
})
|
})
|
||||||
}
|
|
||||||
)
|
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
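Review bot: `req.session.doLoginAfterPasswordReset` is read in this handler but never cleared on the new side of the hunk, so once the activation page has set it the flag appears to stay in the session. A later ordinary password reset in the same session would then also be routed into `finishLogin` instead of returning the plain 200. Consuming the flag before the lookup, with `delete req.session.doLoginAfterPasswordReset` just ahead of `UserGetter.getUser(userId, ...)`, would limit the automatic login to the one reset that follows activation. Separately, the callback hands `user` to `finishLogin` and reads `user.email` without checking that `getUser` returned a document, so a `user == null` guard before the call is worth adding. The handler starts before the hunk, so a reset of the flag elsewhere in the function cannot be ruled out from here.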
|
@ -54,6 +54,7 @@ const UserPagesController = {
|
||||||
// as a way to log in which, if I know our users, they will.
|
// as a way to log in which, if I know our users, they will.
|
||||||
res.redirect(`/login?email=${encodeURIComponent(user.email)}`)
|
res.redirect(`/login?email=${encodeURIComponent(user.email)}`)
|
||||||
} else {
|
} else {
|
||||||
|
req.session.doLoginAfterPasswordReset = true
|
||||||
res.render('user/activate', {
|
res.render('user/activate', {
|
||||||
title: 'activate_account',
|
title: 'activate_account',
|
||||||
email: user.email,
|
email: user.email,
|
||||||
|
|
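Review bot: The added `req.session.doLoginAfterPasswordReset = true` carries no comment, and nothing in this branch says who reads the flag or why it lives in the session. A comment next to the assignment would help, for example `// Server-side marker read by PasswordResetController.setNewUserPassword: log the user in via finishLogin once the activation password is set`. It is also worth saying there that the flag replaces the removed `login_after` form field, so the client can no longer request the login itself. The enclosing `else` branch and the handler start outside the hunk.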
|
@ -24,7 +24,6 @@ block content
|
||||||
name="passwordResetToken",
|
name="passwordResetToken",
|
||||||
value=token
|
value=token
|
||||||
)
|
)
|
||||||
input(name='login_after', type='hidden', value="true")
|
|
||||||
.alert.alert-danger(ng-show="activationForm.response.error")
|
.alert.alert-danger(ng-show="activationForm.response.error")
|
||||||
| #{translate("activation_token_expired")}
|
| #{translate("activation_token_expired")}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
const SandboxedModule = require('sandboxed-module')
|
const SandboxedModule = require('sandboxed-module')
|
||||||
const path = require('path')
|
const path = require('path')
|
||||||
const sinon = require('sinon')
|
const sinon = require('sinon')
|
||||||
|
const { expect } = require('chai')
|
||||||
|
|
||||||
const MODULE_PATH = path.join(
|
const MODULE_PATH = path.join(
|
||||||
__dirname,
|
__dirname,
|
||||||
|
@ -258,35 +259,32 @@ describe('PasswordResetController', function() {
|
||||||
this.PasswordResetController.setNewUserPassword(this.req, this.res)
|
this.PasswordResetController.setNewUserPassword(this.req, this.res)
|
||||||
})
|
})
|
||||||
|
|
||||||
describe('when login_after is set', function() {
|
describe('when doLoginAfterPasswordReset is set', function() {
|
||||||
beforeEach(function() {
|
beforeEach(function() {
|
||||||
this.UserGetter.getUser = sinon
|
this.UserGetter.getUser = sinon
|
||||||
.stub()
|
.stub()
|
||||||
.callsArgWith(2, null, { email: 'joe@example.com' })
|
.callsArgWith(1, null, { email: 'joe@example.com' })
|
||||||
this.req.body.login_after = 'true'
|
this.req.session.doLoginAfterPasswordReset = 'true'
|
||||||
this.res.json = sinon.stub()
|
this.res.json = sinon.stub()
|
||||||
this.AuthenticationController.afterLoginSessionSetup = sinon
|
this.AuthenticationController.finishLogin = sinon.stub().yields()
|
||||||
.stub()
|
|
||||||
.callsArgWith(2, null)
|
|
||||||
this.AuthenticationController._getRedirectFromSession = sinon
|
this.AuthenticationController._getRedirectFromSession = sinon
|
||||||
.stub()
|
.stub()
|
||||||
.returns('/some/path')
|
.returns('/some/path')
|
||||||
})
|
})
|
||||||
|
|
||||||
it('should login user if login_after is set', function(done) {
|
it('should login user', function(done) {
|
||||||
this.PasswordResetController.setNewUserPassword(this.req, this.res)
|
this.PasswordResetController.setNewUserPassword(
|
||||||
this.AuthenticationController.afterLoginSessionSetup.callCount.should.equal(
|
this.req,
|
||||||
1
|
this.res,
|
||||||
)
|
err => {
|
||||||
this.AuthenticationController.afterLoginSessionSetup
|
expect(err).to.not.exist
|
||||||
.calledWith(this.req, { email: 'joe@example.com' })
|
this.AuthenticationController.finishLogin.callCount.should.equal(1)
|
||||||
|
this.AuthenticationController.finishLogin
|
||||||
|
.calledWith({ email: 'joe@example.com' }, this.req)
|
||||||
.should.equal(true)
|
.should.equal(true)
|
||||||
this.AuthenticationController._getRedirectFromSession.callCount.should.equal(
|
|
||||||
1
|
|
||||||
)
|
|
||||||
this.res.json.callCount.should.equal(1)
|
|
||||||
this.res.json.calledWith({ redir: '/some/path' }).should.equal(true)
|
|
||||||
done()
|
done()
|
||||||
|
}
|
||||||
|
)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
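Review bot: The rewritten `describe` block does not test the case this change exists for: a request that still sends `login_after` in the body but has no session flag should get the plain 200 and never reach `finishLogin`. A sibling `describe` like the one below would pin that; it assumes the outer `beforeEach`, which is outside the hunk, builds a fresh `this.req` with an empty session and body. Two smaller points in the same block: the flag is set to the string `'true'` while the controller stores the boolean `true`, and the `_getRedirectFromSession` and `res.json` stubs are still created although nothing asserts on them any more.

```javascript
// … unchanged: describe('when doLoginAfterPasswordReset is set', …) …

describe('when only login_after is sent in the body', function() {
  beforeEach(function() {
    this.req.body.login_after = 'true'
    this.AuthenticationController.finishLogin = sinon.stub().yields()
  })

  it('should not login user', function(done) {
    this.res.sendStatus = code => {
      code.should.equal(200)
      this.AuthenticationController.finishLogin.callCount.should.equal(0)
      done()
    }
    this.PasswordResetController.setNewUserPassword(this.req, this.res)
  })
})
```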