When anon is denied access to read-write token, redirect to restricted

2025-02-23 05:11:15 +00:00 · 2017-11-06 16:46:42 +00:00 · 2017-11-06 16:46:42 +00:00 · 2b4d516353
commit 2b4d516353
parent 5d0dd6ffc9
3 changed files with 7 additions and 5 deletions
--- a/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee
+++ b/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee
@ -52,7 +52,7 @@ module.exports = TokenAccessController =
 					else
 						logger.log {token, projectId: project._id},
 							"[TokenAccess] deny anonymous read-and-write token access"
-						return next(new Errors.NotFoundError())
+						return res.redirect('/restricted')
 				if project.owner_ref.toString() == userId
 					logger.log {userId, projectId: project._id},
 						"[TokenAccess] user is already project owner"
--- a/services/web/test/UnitTests/coffee/TokenAccess/TokenAccessControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/TokenAccess/TokenAccessControllerTests.coffee
@ -150,6 +150,7 @@ describe "TokenAccessController", ->
 					@TokenAccessHandler.ANONYMOUS_READ_AND_WRITE_ENABLED = false
 					@req = new MockRequest()
 					@res = new MockResponse()
+					@res.redirect = sinon.stub()
 					@next = sinon.stub()
 					@req.params['read_and_write_token'] = @readAndWriteToken
 					@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
@ -175,9 +176,9 @@ describe "TokenAccessController", ->
 					expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
 					done()

-				it 'should call next with an error', (done) ->
-					expect(@next.callCount).to.equal 1
-					expect(@next.lastCall.args[0]).to.be.instanceof Error
+				it 'should redirect to restricted page', (done) ->
+					expect(@res.redirect.callCount).to.equal 1
+					expect(@res.redirect.calledWith('/restricted')).to.equal true
 					done()

 		describe 'when findProject produces an error', ->
--- a/services/web/test/acceptance/coffee/TokenAccessTests.coffee
+++ b/services/web/test/acceptance/coffee/TokenAccessTests.coffee
@ -283,7 +283,8 @@ describe 'TokenAccess', ->

 			it 'should not allow the user to access read-and-write token', (done) ->
 				try_read_and_write_token_access(@anon, @tokens.readAndWrite, (response, body) =>
-					expect(response.statusCode).to.equal 404
+					expect(response.statusCode).to.equal 302
+					expect(body).to.match /.*\/restricted.*/
 				, done)

 			it 'should not allow the user to join the project', (done) ->