From 2ab5ad423072d817c95d2269a4a169b660dcd7d2 Mon Sep 17 00:00:00 2001 From: Shane Kilkelly Date: Fri, 25 Nov 2016 14:38:00 +0000 Subject: [PATCH] If we're updating details from a SSO source, don't allow editing on settings page. --- .../Features/User/UserPagesController.coffee | 2 + services/web/app/views/user/settings.jade | 47 +++++++++++-------- .../User/UserPagesControllerTests.coffee | 36 +++++++++++++- 3 files changed, 65 insertions(+), 20 deletions(-) diff --git a/services/web/app/coffee/Features/User/UserPagesController.coffee b/services/web/app/coffee/Features/User/UserPagesController.coffee index 76d88803a7..31dbc44baf 100644 --- a/services/web/app/coffee/Features/User/UserPagesController.coffee +++ b/services/web/app/coffee/Features/User/UserPagesController.coffee @@ -57,11 +57,13 @@ module.exports = settingsPage : (req, res, next)-> user_id = AuthenticationController.getLoggedInUserId(req) logger.log user: user_id, "loading settings page" + shouldAllowEditingDetails = !(Settings?.ldap?.updateUserDetailsOnLogin) and !(Settings?.saml?.updateUserDetailsOnLogin) UserLocator.findById user_id, (err, user)-> return next(err) if err? res.render 'user/settings', title:'account_settings' user: user, + shouldAllowEditingDetails: shouldAllowEditingDetails languages: Settings.languages, accountSettingsTabActive: true diff --git a/services/web/app/views/user/settings.jade b/services/web/app/views/user/settings.jade index 14d6902899..310912cf07 100644 --- a/services/web/app/views/user/settings.jade +++ b/services/web/app/views/user/settings.jade 
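Review bot: `shouldAllowEditingDetails` is only handed to the template in `settingsPage`, so it controls what the page renders, not what the server accepts. Nothing in this commit touches the handler that receives the settings form, so a request that still carries `first_name`/`last_name` would presumably be applied even when LDAP or SAML is meant to be the source of truth, at least until the next login overwrites it. I would move the predicate into a shared helper and have the update handler ignore or reject those two fields when it is false; at minimum add `# UI hint only: the settings update handler must enforce the same rule` above the new assignment. The `Settings?` guard is also redundant, since `Settings.languages` is read unguarded a few lines below.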
@@ -39,25 +39,34 @@ block content label.control-label #{translate("email")} div.form-control(readonly="true") #{user.email} - .form-group - label(for='firstName').control-label #{translate("first_name")} - input.form-control( - type='text', - name='first_name', - value=user.first_name - ) - .form-group - label(for='lastName').control-label #{translate("last_name")} - input.form-control( - type='text', - name='last_name', - value=user.last_name - ) - .actions - button.btn.btn-primary( - type='submit', - ng-disabled="settingsForm.$invalid" - ) #{translate("update")} + if shouldAllowEditingDetails + .form-group + label(for='firstName').control-label #{translate("first_name")} + input.form-control( + type='text', + name='first_name', + value=user.first_name + ) + .form-group + label(for='lastName').control-label #{translate("last_name")} + input.form-control( + type='text', + name='last_name', + value=user.last_name + ) + .actions + button.btn.btn-primary( + type='submit', + ng-disabled="settingsForm.$invalid" + ) #{translate("update")} + else + .form-group + label.control-label #{translate("first_name")} + div.form-control(readonly="true") #{user.first_name} + .form-group + label.control-label #{translate("last_name")} + div.form-control(readonly="true") #{user.last_name} + if !externalAuthenticationSystemUsed() .col-md-5.col-md-offset-1 h3 #{translate("change_password")} diff --git a/services/web/test/UnitTests/coffee/User/UserPagesControllerTests.coffee b/services/web/test/UnitTests/coffee/User/UserPagesControllerTests.coffee index bb9fa22a15..041a20147f 100644 --- a/services/web/test/UnitTests/coffee/User/UserPagesControllerTests.coffee +++ b/services/web/test/UnitTests/coffee/User/UserPagesControllerTests.coffee 
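Review bot: In the editable branch the labels point at `for='firstName'` and `for='lastName'`, but the inputs shown in this hunk carry only `type`, `name` and `value`, so no element with those ids is visible and the labels are not associated with their fields. Since these lines are being re-indented anyway, add `id='firstName'` and `id='lastName'` to the two `input.form-control(...)` calls. The read-only branch uses escaped `#{...}` interpolation for the directory-supplied names, which should be kept if this markup is touched again.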
@@ -31,7 +31,7 @@ describe "UserPagesController", -> getLoggedInUserId: sinon.stub().returns(@user._id) getSessionUser: sinon.stub().returns(@user) @UserPagesController = SandboxedModule.require modulePath, requires: - "settings-sharelatex":@settings + "settings-sharelatex": @settings "logger-sharelatex": log:-> err:-> @@ -149,6 +149,40 @@ describe "UserPagesController", -> done() @UserPagesController.settingsPage @req, @res + it "should set 'shouldAllowEditingDetails' to true", (done)-> + @res.render = (page, opts)=> + opts.shouldAllowEditingDetails.should.equal true + done() + @UserPagesController.settingsPage @req, @res + + describe 'when ldap.updateUserDetailsOnLogin is true', -> + + beforeEach -> + @settings.ldap = {updateUserDetailsOnLogin: true} + + afterEach -> + delete @settings.ldap + + it 'should set "shouldAllowEditingDetails" to false', (done) -> + @res.render = (page, opts)=> + opts.shouldAllowEditingDetails.should.equal false + done() + @UserPagesController.settingsPage @req, @res + + describe 'when saml.updateUserDetailsOnLogin is true', -> + + beforeEach -> + @settings.saml = {updateUserDetailsOnLogin: true} + + afterEach -> + delete @settings.saml + + it 'should set "shouldAllowEditingDetails" to false', (done) -> + @res.render = (page, opts)=> + opts.shouldAllowEditingDetails.should.equal false + done() + @UserPagesController.settingsPage @req, @res + describe "activateAccountPage", -> beforeEach -> @req.query.user_id = @user_id
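Review bot: The new cases only cover `updateUserDetailsOnLogin: true`, so nothing pins the configuration where `ldap` or `saml` is present but the flag is false or absent, which is the case the `?.` chain in the controller exists for. A regression that locked the fields whenever an `ldap` block exists would pass all three tests. I would add a case per provider along the lines below (indentation to match the file). These tests assert only the flag passed to `render`; whether the update path honours it is not exercised here. The enclosing `describe` for `settingsPage` starts outside the hunk.

```coffeescript
# … unchanged: 'when ldap.updateUserDetailsOnLogin is true' and the saml equivalent …
describe 'when ldap is configured but updateUserDetailsOnLogin is false', ->

  beforeEach ->
    @settings.ldap = {updateUserDetailsOnLogin: false}

  afterEach ->
    delete @settings.ldap

  it 'should set "shouldAllowEditingDetails" to true', (done) ->
    @res.render = (page, opts)=>
      opts.shouldAllowEditingDetails.should.equal true
      done()
    @UserPagesController.settingsPage @req, @res
```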