mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-29 13:53:40 -05:00
Merge pull request #4047 from overleaf/ta-clear-sso-data
Clear SSO Data via Admin Panel GitOrigin-RevId: bd4e79ccc7f98337bc1f8b78947cc647352f6fbe
This commit is contained in:
parent
87fe3643a5
commit
4797f7e357
3 changed files with 67 additions and 0 deletions
|
@ -509,6 +509,34 @@ templates.securityAlert = NoCTAEmailTemplate({
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
|
||||||
|
templates.SAMLDataCleared = ctaTemplate({
|
||||||
|
subject(opts) {
|
||||||
|
return `Institutional Login No Longer Linked - ${settings.appName}`
|
||||||
|
},
|
||||||
|
title(opts) {
|
||||||
|
return 'Institutional Login No Longer Linked'
|
||||||
|
},
|
||||||
|
message(opts, isPlainText) {
|
||||||
|
return [
|
||||||
|
`We're writing to let you know that due to a bug on our end, we've had to temporarily disable logging into your ${settings.appName} through your institution.`,
|
||||||
|
`To get it going again, you'll need to relink your institutional email address to your ${settings.appName} account via your settings.`,
|
||||||
|
]
|
||||||
|
},
|
||||||
|
secondaryMessage() {
|
||||||
|
return [
|
||||||
|
`If you ordinarily log in to your ${settings.appName} account through your institution, you may need to set or reset your password to regain access to your account first.`,
|
||||||
|
'This bug did not affect the security of any accounts, but it may have affected license entitlements for a small number of users. We are sorry for any inconvenience that this may cause for you.',
|
||||||
|
`If you have any questions, please get in touch with our support team at ${settings.adminEmail} or by replying to this email.`,
|
||||||
|
]
|
||||||
|
},
|
||||||
|
ctaText(opts) {
|
||||||
|
return 'Update my Emails and Affiliations'
|
||||||
|
},
|
||||||
|
ctaURL(opts) {
|
||||||
|
return `${settings.siteUrl}/user/settings`
|
||||||
|
},
|
||||||
|
})
|
||||||
|
|
||||||
function _formatUserNameAndEmail(user, placeholder) {
|
function _formatUserNameAndEmail(user, placeholder) {
|
||||||
if (user.first_name && user.last_name) {
|
if (user.first_name && user.last_name) {
|
||||||
const fullName = `${user.first_name} ${user.last_name}`
|
const fullName = `${user.first_name} ${user.last_name}`
|
||||||
|
|
|
@ -197,6 +197,7 @@ const InstitutionsAPI = {
|
||||||
path: `/api/v2/users/${userId}/affiliations/remove_entitlement`,
|
path: `/api/v2/users/${userId}/affiliations/remove_entitlement`,
|
||||||
body: { email },
|
body: { email },
|
||||||
defaultErrorMessage: "Couldn't remove entitlement",
|
defaultErrorMessage: "Couldn't remove entitlement",
|
||||||
|
extraSuccessStatusCodes: [404],
|
||||||
},
|
},
|
||||||
callback
|
callback
|
||||||
)
|
)
|
||||||
|
|
|
@ -81,6 +81,42 @@ async function addEmailAddress(userId, newEmail, affiliationOptions, auditLog) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async function clearSAMLData(userId, auditLog, sendEmail) {
|
||||||
|
const user = await UserGetter.promises.getUser(userId, {
|
||||||
|
email: 1,
|
||||||
|
emails: 1,
|
||||||
|
})
|
||||||
|
|
||||||
|
await UserAuditLogHandler.promises.addEntry(
|
||||||
|
userId,
|
||||||
|
'clear-institution-sso-data',
|
||||||
|
auditLog.initiatorId,
|
||||||
|
auditLog.ipAddress,
|
||||||
|
{}
|
||||||
|
)
|
||||||
|
|
||||||
|
const update = {
|
||||||
|
$unset: {
|
||||||
|
samlIdentifiers: 1,
|
||||||
|
'emails.$[].samlProviderId': 1,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
await UserUpdater.promises.updateUser(userId, update)
|
||||||
|
|
||||||
|
for (const emailData of user.emails) {
|
||||||
|
await InstitutionsAPIPromises.removeEntitlement(userId, emailData.email)
|
||||||
|
}
|
||||||
|
|
||||||
|
await FeaturesUpdater.promises.refreshFeatures(
|
||||||
|
userId,
|
||||||
|
'clear-institution-sso-data'
|
||||||
|
)
|
||||||
|
|
||||||
|
if (sendEmail) {
|
||||||
|
await EmailHandler.promises.sendEmail('SAMLDataCleared', { to: user.email })
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
async function setDefaultEmailAddress(
|
async function setDefaultEmailAddress(
|
||||||
userId,
|
userId,
|
||||||
email,
|
email,
|
||||||
|
@ -313,6 +349,8 @@ const UserUpdater = {
|
||||||
})
|
})
|
||||||
},
|
},
|
||||||
|
|
||||||
|
clearSAMLData: callbackify(clearSAMLData),
|
||||||
|
|
||||||
// set the default email address by setting the `email` attribute. The email
|
// set the default email address by setting the `email` attribute. The email
|
||||||
// must be one of the user's multiple emails (`emails` attribute)
|
// must be one of the user's multiple emails (`emails` attribute)
|
||||||
setDefaultEmailAddress: callbackify(setDefaultEmailAddress),
|
setDefaultEmailAddress: callbackify(setDefaultEmailAddress),
|
||||||
|
|
Loading…
Reference in a new issue