Merge pull request #109 from sharelatex/sk-token-access-redirect-fix

Set redirect when bouncing away from token route; Fixes overleaf/sharelatex#250
2024-11-07 20:31:06 -05:00 · 2017-11-15 14:56:42 +00:00 · 2017-11-15 14:56:42 +00:00 · 2a7e68e37b
commit 2a7e68e37b
parent c21b5ca1cc 5df4556e9c
2 changed files with 8 additions and 0 deletions
--- a/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee
+++ b/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee
@ -52,6 +52,7 @@ module.exports = TokenAccessController =
 					else
 						logger.log {token, projectId: project._id},
 							"[TokenAccess] deny anonymous read-and-write token access"
+						AuthenticationController._setRedirectInSession(req)
 						return res.redirect('/restricted')
 				if project.owner_ref.toString() == userId
 					logger.log {userId, projectId: project._id},
--- a/services/web/test/UnitTests/coffee/TokenAccess/TokenAccessControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/TokenAccess/TokenAccessControllerTests.coffee
@ -48,6 +48,7 @@ describe "TokenAccessController", ->
 				@TokenAccessHandler.addReadAndWriteUserToProject = sinon.stub()
 					.callsArgWith(2, null)
 				@ProjectController.loadEditor = sinon.stub()
+				@AuthenticationController._setRedirectInSession = sinon.stub()
 				@TokenAccessController.readAndWriteToken @req, @res, @next

 			it 'should try to find a project with this token', (done) ->
@ -159,6 +160,7 @@ describe "TokenAccessController", ->
 						.callsArgWith(2, null)
 					@ProjectController.loadEditor = sinon.stub()
 					@TokenAccessHandler.grantSessionTokenAccess = sinon.stub()
+					@AuthenticationController._setRedirectInSession = sinon.stub()
 					@TokenAccessController.readAndWriteToken @req, @res, @next

 				it 'should not add the user to the project with read-write access', (done) ->
@ -176,6 +178,11 @@ describe "TokenAccessController", ->
 					expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
 					done()

+				it 'should set redirect in session', (done) ->
+					expect(@AuthenticationController._setRedirectInSession.callCount).to.equal 1
+					expect(@AuthenticationController._setRedirectInSession.calledWith(@req)).to.equal true
+					done()
+
 				it 'should redirect to restricted page', (done) ->
 					expect(@res.redirect.callCount).to.equal 1
 					expect(@res.redirect.calledWith('/restricted')).to.equal true