Merge pull request #977 from sharelatex/as-encode-auth-with-v1-query-strings

Encode redirects which will auth with v1 first
2025-04-04 23:37:19 +00:00 · 2018-09-28 09:45:54 +01:00 · 2018-09-28 09:45:54 +01:00 · 45bd46bc01
commit 45bd46bc01
parent a35b3eea7f 4f2c91a59a
3 changed files with 26 additions and 3 deletions
--- a/services/web/app/coffee/infrastructure/RedirectManager.coffee
+++ b/services/web/app/coffee/infrastructure/RedirectManager.coffee
@ -1,5 +1,7 @@
 settings = require("settings-sharelatex")
 logger = require("logger-sharelatex")
+URL = require('url')
+querystring = require('querystring')

 module.exports = RedirectManager =
 	apply: (webRouter) ->
@ -15,12 +17,20 @@ module.exports = RedirectManager =
 			else
 				if req.method == "POST"
 					code = 307
+
 				if typeof target.url == "function"
 					url = target.url(req.params)
 					if !url
 						return next()
 				else
 					url = target.url
+
+				# Special handling for redirecting to v1, to ensure that query params
+				# are encoded
+				if target.authWithV1
+					url = "/sign_in_to_v1?" + querystring.stringify(return_to: url + getQueryString(req))
+					return res.redirect code, url
+
 				if target.baseUrl?
 					url = "#{target.baseUrl}#{url}"
 			res.redirect code, url + getQueryString(req)
@ -29,5 +39,5 @@ module.exports = RedirectManager =
 # have differences between Express and Rails, so safer to just pass the raw
 # string
 getQueryString = (req) ->
-	qs = req.url.match(/\?.*$/)
-	if qs? then qs[0] else ""
+	{search} = URL.parse(req.url)
+	if search then search else ""
--- a/services/web/test/acceptance/coffee/RedirectUrlsTests.coffee
+++ b/services/web/test/acceptance/coffee/RedirectUrlsTests.coffee
@ -31,4 +31,13 @@ describe "RedirectUrls", ->
 		assertRedirect 'get', '/redirect/get_and_post', 302, '/destination/get_and_post', done

 	it 'redirects with query params', (done) ->
-		assertRedirect 'get', '/redirect/qs?foo=bar&baz[]=qux1&baz[]=qux2', 302, '/destination/qs?foo=bar&baz[]=qux1&baz[]=qux2', done
+		assertRedirect 'get', '/redirect/qs?foo=bar&baz[]=qux1&baz[]=qux2', 302, '/destination/qs?foo=bar&baz[]=qux1&baz[]=qux2', done
+
+	it 'redirects to /sign_in_to_v1 with authWithV1 setting', (done) ->
+		assertRedirect(
+			'get',
+			'/docs?zip_uri=http%3A%2F%2Foverleaf.test%2Ffoo%3Fbar%3Dbaz%26qux%3Dthing&bar=baz',
+			302,
+			'/sign_in_to_v1?return_to=%2Fdocs%3Fzip_uri%3Dhttp%253A%252F%252Foverleaf.test%252Ffoo%253Fbar%253Dbaz%2526qux%253Dthing%26bar%3Dbaz',
+			done
+		)
--- a/services/web/test/acceptance/config/settings.test.coffee
+++ b/services/web/test/acceptance/config/settings.test.coffee
@ -128,3 +128,7 @@ module.exports =
 			url: (params) -> "/destination/#{params.id}/params"
 		},
 		'/redirect/qs': '/destination/qs'
+		'/docs': {
+			authWithV1: true
+			url: '/docs'
+		}