Merge pull request #16956 from overleaf/jpa-anon-access-token

[web] read anonymous access token header from joinProject endpoint only

GitOrigin-RevId: 4f8f60c23dc93cc2b02a429bd5492d8a931ae284
Jakob Ackermann 2024-02-07 08:59:32 +00:00 committed by Copybot
parent 91106239da
commit 4e689233a5
2 changed files with 4 additions and 6 deletions


@ -8,7 +8,6 @@ const CollaboratorsGetter = require('../Collaborators/CollaboratorsGetter')
const CollaboratorsInviteHandler = require('../Collaborators/CollaboratorsInviteHandler') const CollaboratorsInviteHandler = require('../Collaborators/CollaboratorsInviteHandler')
const CollaboratorsHandler = require('../Collaborators/CollaboratorsHandler') const CollaboratorsHandler = require('../Collaborators/CollaboratorsHandler')
const PrivilegeLevels = require('../Authorization/PrivilegeLevels') const PrivilegeLevels = require('../Authorization/PrivilegeLevels')
const TokenAccessHandler = require('../TokenAccess/TokenAccessHandler')
const SessionManager = require('../Authentication/SessionManager') const SessionManager = require('../Authentication/SessionManager')
const Errors = require('../Errors/Errors') const Errors = require('../Errors/Errors')
const DocstoreManager = require('../Docstore/DocstoreManager') const DocstoreManager = require('../Docstore/DocstoreManager')
@ -178,7 +177,7 @@ async function _buildJoinProjectView(req, projectId, userId) {
await CollaboratorsGetter.promises.getInvitedMembersWithPrivilegeLevels( await CollaboratorsGetter.promises.getInvitedMembersWithPrivilegeLevels(
projectId projectId
) )
const token = TokenAccessHandler.getRequestToken(req, projectId) const token = req.headers['x-sl-anonymous-access-token']
const privilegeLevel = const privilegeLevel =
await AuthorizationManager.promises.getPrivilegeLevelForProject( await AuthorizationManager.promises.getPrivilegeLevelForProject(
userId, userId,
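Review bot: The new `const token = req.headers['x-sl-anonymous-access-token']` line in `_buildJoinProjectView` reads a caller-supplied header with no comment on who is expected to send it or where it gets validated. Since this commit makes it the only place the header is accepted, a short comment would record the trust boundary, e.g. `// Anonymous access token forwarded by the joinProject caller; untrusted until the privilege check below validates it.` The token is presumably passed on to `getPrivilegeLevelForProject`, but that argument lies outside the hunk, so confirm that an absent header (`undefined`) is treated there as "no token" rather than matching anything. The function starts and ends outside the hunk.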


@ -213,10 +213,9 @@ const TokenAccessHandler = {
getRequestToken(req, projectId) { getRequestToken(req, projectId) {
const token = const token =
(req.session && req.session &&
req.session.anonTokenAccess && req.session.anonTokenAccess &&
req.session.anonTokenAccess[projectId.toString()]) || req.session.anonTokenAccess[projectId.toString()]
req.headers['x-sl-anonymous-access-token']
return token return token
}, },