Merge pull request #16956 from overleaf/jpa-anon-access-token

[web] read anonymous access token header from joinProject endpoint only

GitOrigin-RevId: 4f8f60c23dc93cc2b02a429bd5492d8a931ae284

services/web/app/src/Features/Editor/EditorHttpController.js

@@ -8,7 +8,6 @@ const CollaboratorsGetter = require('../Collaborators/CollaboratorsGetter')
 const CollaboratorsInviteHandler = require('../Collaborators/CollaboratorsInviteHandler')
 const CollaboratorsHandler = require('../Collaborators/CollaboratorsHandler')
 const PrivilegeLevels = require('../Authorization/PrivilegeLevels')
-const TokenAccessHandler = require('../TokenAccess/TokenAccessHandler')
 const SessionManager = require('../Authentication/SessionManager')
 const Errors = require('../Errors/Errors')
 const DocstoreManager = require('../Docstore/DocstoreManager')
@@ -178,7 +177,7 @@ async function _buildJoinProjectView(req, projectId, userId) {
     await CollaboratorsGetter.promises.getInvitedMembersWithPrivilegeLevels(
       projectId
     )
-  const token = TokenAccessHandler.getRequestToken(req, projectId)
+  const token = req.headers['x-sl-anonymous-access-token']
   const privilegeLevel =
     await AuthorizationManager.promises.getPrivilegeLevelForProject(
       userId,

services/web/app/src/Features/TokenAccess/TokenAccessHandler.js

@@ -213,10 +213,9 @@ const TokenAccessHandler = {
 
   getRequestToken(req, projectId) {
     const token =
-      (req.session &&
+      req.session &&
-        req.session.anonTokenAccess &&
+      req.session.anonTokenAccess &&
-        req.session.anonTokenAccess[projectId.toString()]) ||
+      req.session.anonTokenAccess[projectId.toString()]
-      req.headers['x-sl-anonymous-access-token']
     return token
   },