mirror of
https://github.com/overleaf/overleaf.git
synced 2025-01-12 23:53:47 +00:00
Merge pull request #4047 from overleaf/ta-clear-sso-data
Clear SSO Data via Admin Panel GitOrigin-RevId: bd4e79ccc7f98337bc1f8b78947cc647352f6fbe
This commit is contained in:
parent
87fe3643a5
commit
4797f7e357
3 changed files with 67 additions and 0 deletions
|
@ -509,6 +509,34 @@ templates.securityAlert = NoCTAEmailTemplate({
|
|||
},
|
||||
})
|
||||
|
||||
templates.SAMLDataCleared = ctaTemplate({
|
||||
subject(opts) {
|
||||
return `Institutional Login No Longer Linked - ${settings.appName}`
|
||||
},
|
||||
title(opts) {
|
||||
return 'Institutional Login No Longer Linked'
|
||||
},
|
||||
message(opts, isPlainText) {
|
||||
return [
|
||||
`We're writing to let you know that due to a bug on our end, we've had to temporarily disable logging into your ${settings.appName} through your institution.`,
|
||||
`To get it going again, you'll need to relink your institutional email address to your ${settings.appName} account via your settings.`,
|
||||
]
|
||||
},
|
||||
secondaryMessage() {
|
||||
return [
|
||||
`If you ordinarily log in to your ${settings.appName} account through your institution, you may need to set or reset your password to regain access to your account first.`,
|
||||
'This bug did not affect the security of any accounts, but it may have affected license entitlements for a small number of users. We are sorry for any inconvenience that this may cause for you.',
|
||||
`If you have any questions, please get in touch with our support team at ${settings.adminEmail} or by replying to this email.`,
|
||||
]
|
||||
},
|
||||
ctaText(opts) {
|
||||
return 'Update my Emails and Affiliations'
|
||||
},
|
||||
ctaURL(opts) {
|
||||
return `${settings.siteUrl}/user/settings`
|
||||
},
|
||||
})
|
||||
|
||||
function _formatUserNameAndEmail(user, placeholder) {
|
||||
if (user.first_name && user.last_name) {
|
||||
const fullName = `${user.first_name} ${user.last_name}`
|
||||
|
|
|
@ -197,6 +197,7 @@ const InstitutionsAPI = {
|
|||
path: `/api/v2/users/${userId}/affiliations/remove_entitlement`,
|
||||
body: { email },
|
||||
defaultErrorMessage: "Couldn't remove entitlement",
|
||||
extraSuccessStatusCodes: [404],
|
||||
},
|
||||
callback
|
||||
)
|
||||
|
|
|
@ -81,6 +81,42 @@ async function addEmailAddress(userId, newEmail, affiliationOptions, auditLog) {
|
|||
}
|
||||
}
|
||||
|
||||
async function clearSAMLData(userId, auditLog, sendEmail) {
|
||||
const user = await UserGetter.promises.getUser(userId, {
|
||||
email: 1,
|
||||
emails: 1,
|
||||
})
|
||||
|
||||
await UserAuditLogHandler.promises.addEntry(
|
||||
userId,
|
||||
'clear-institution-sso-data',
|
||||
auditLog.initiatorId,
|
||||
auditLog.ipAddress,
|
||||
{}
|
||||
)
|
||||
|
||||
const update = {
|
||||
$unset: {
|
||||
samlIdentifiers: 1,
|
||||
'emails.$[].samlProviderId': 1,
|
||||
},
|
||||
}
|
||||
await UserUpdater.promises.updateUser(userId, update)
|
||||
|
||||
for (const emailData of user.emails) {
|
||||
await InstitutionsAPIPromises.removeEntitlement(userId, emailData.email)
|
||||
}
|
||||
|
||||
await FeaturesUpdater.promises.refreshFeatures(
|
||||
userId,
|
||||
'clear-institution-sso-data'
|
||||
)
|
||||
|
||||
if (sendEmail) {
|
||||
await EmailHandler.promises.sendEmail('SAMLDataCleared', { to: user.email })
|
||||
}
|
||||
}
|
||||
|
||||
async function setDefaultEmailAddress(
|
||||
userId,
|
||||
email,
|
||||
|
@ -313,6 +349,8 @@ const UserUpdater = {
|
|||
})
|
||||
},
|
||||
|
||||
clearSAMLData: callbackify(clearSAMLData),
|
||||
|
||||
// set the default email address by setting the `email` attribute. The email
|
||||
// must be one of the user's multiple emails (`emails` attribute)
|
||||
setDefaultEmailAddress: callbackify(setDefaultEmailAddress),
|
||||
|
|
Loading…
Reference in a new issue