From 479b37a48c7eb8f8f8c9831e302ebb927c8c478e Mon Sep 17 00:00:00 2001
From: Henry Oswald <henry.oswald@sharelatex.com>
Date: Wed, 2 Apr 2014 15:56:54 +0100
Subject: [PATCH] null check user when getting user id from session

---
 .../AuthenticationController.coffee           |  6 +++-
 .../AuthenticationControllerTests.coffee      | 31 +++++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/services/web/app/coffee/Features/Authentication/AuthenticationController.coffee b/services/web/app/coffee/Features/Authentication/AuthenticationController.coffee
index 180f05738e..72383870b6 100644
--- a/services/web/app/coffee/Features/Authentication/AuthenticationController.coffee
+++ b/services/web/app/coffee/Features/Authentication/AuthenticationController.coffee
@@ -44,7 +44,11 @@ module.exports = AuthenticationController =
 				res.send(auth_token)
 
 	getLoggedInUserId: (req, callback = (error, user_id) ->) ->
-		callback null, req.session.user._id.toString()
+		if req?.session?.user?._id?
+			callback null, req.session.user._id.toString()
+		else
+			e = new Error("user is not on req session")
+			callback e
 
 	getLoggedInUser: (req, options = {allow_auth_token: false}, callback = (error, user) ->) ->
 		if req.session?.user?._id?
diff --git a/services/web/test/UnitTests/coffee/Authentication/AuthenticationControllerTests.coffee b/services/web/test/UnitTests/coffee/Authentication/AuthenticationControllerTests.coffee
index 49f6d8a67c..ef76ba9004 100644
--- a/services/web/test/UnitTests/coffee/Authentication/AuthenticationControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/Authentication/AuthenticationControllerTests.coffee
@@ -122,6 +122,37 @@ describe "AuthenticationController", ->
 			it "should only redirect to the local path", ->
 				expect(@res.body).to.deep.equal redir: "/test"
 
+	describe "getLoggedInUserId", ->
+
+		beforeEach ->
+			@req = 
+				session :{}
+
+		it "should return the user id from the session", (done)->
+			@user_id = "2134"
+			@req.session.user = 
+				_id:@user_id
+			@AuthenticationController.getLoggedInUserId @req, (err, user_id)=>
+				expect(user_id).to.equal @user_id
+				done()
+
+		it "should return an error if there is no user on the session", (done)->
+			@AuthenticationController.getLoggedInUserId @req, (err, user_id)=>
+				expect(err).to.exist
+				done()
+
+		it "should return an error if there is no session", (done)->
+			@req = {}
+			@AuthenticationController.getLoggedInUserId @req, (err, user_id)=>
+				expect(err).to.exist
+				done()
+
+		it "should return an error if there is no req", (done)->
+			@req = {}
+			@AuthenticationController.getLoggedInUserId @req, (err, user_id)=>
+				expect(err).to.exist
+				done()
+
 	describe "getLoggedInUser", ->
 		beforeEach ->
 			@UserGetter.getUser = sinon.stub().callsArgWith(1, null, @user)