Merge pull request #1726 from sharelatex/hb-sso-password-setting

Check for password from v1 before showing password change form GitOrigin-RevId: 58ef0f9d3c8ce3ab7ca51d3538f1be13f05d4658
2024-11-21 20:47:08 -05:00 · 2019-04-25 15:21:47 +01:00 · 2019-04-25 15:21:47 +01:00 · 5517adcbd1
commit 5517adcbd1
parent 16f905358a
3 changed files with 41 additions and 8 deletions
--- a/services/web/app/coffee/Features/User/UserPagesController.coffee
+++ b/services/web/app/coffee/Features/User/UserPagesController.coffee
@ -3,10 +3,11 @@ UserSessionsManager = require("./UserSessionsManager")
 ErrorController = require("../Errors/ErrorController")
 logger = require("logger-sharelatex")
 Settings = require("settings-sharelatex")
+request = require 'request'
 fs = require('fs')
 AuthenticationController = require('../Authentication/AuthenticationController')

-module.exports =
+module.exports = UserPagesController =

 	registerPage : (req, res)->
 		sharedProjectData =
@ -72,12 +73,17 @@ module.exports =
 		shouldAllowEditingDetails = !(Settings?.ldap?.updateUserDetailsOnLogin) and !(Settings?.saml?.updateUserDetailsOnLogin)
 		UserGetter.getUser user_id, (err, user)->
 			return next(err) if err?
-			res.render 'user/settings',
-				title:'account_settings'
-				user: user,
-				shouldAllowEditingDetails: shouldAllowEditingDetails
-				languages: Settings.languages,
-				accountSettingsTabActive: true
+
+			UserPagesController._hasPassword user, (err, passwordPresent) ->
+				if err
+					logger.err {err}, "error getting password status from v1"
+				res.render 'user/settings',
+					title:'account_settings'
+					user: user,
+					hasPassword: passwordPresent,
+					shouldAllowEditingDetails: shouldAllowEditingDetails
+					languages: Settings.languages,
+					accountSettingsTabActive: true

 	sessionsPage: (req, res, next) ->
 		user = AuthenticationController.getSessionUser(req)
@ -89,3 +95,19 @@ module.exports =
 			res.render 'user/sessions',
 				title: "sessions"
 				sessions: sessions
+
+	_hasPassword: (user, callback) ->
+		request.get {
+			url: "#{Settings.apis.v1.url}/api/v1/sharelatex/has_password"
+			auth: { user: Settings.apis.v1.user, pass: Settings.apis.v1.pass }
+			body: { user_id: user?.overleaf?.id }
+			timeout: 20 * 1000
+			json: true
+		}, (err, response, body) ->
+			if err
+				# for errors assume password and show password setting form
+				return callback(err, true)
+			else if body?.has_password
+				return callback(err, true)
+			return callback(err, false)
+     
--- a/services/web/app/views/user/settings.pug
+++ b/services/web/app/views/user/settings.pug
@ -88,6 +88,9 @@ block content
 									if externalAuthenticationSystemUsed() && !settings.overleaf
 										p
 											Password settings are managed externally
+									else if !hasPassword
+										p
+											| #[a(href="/user/password/reset", target='_blank') #{translate("no_existing_password")}]
 									else
 										- var submitAction
 										if settings.overleaf
--- a/services/web/test/unit/coffee/User/UserPagesControllerTests.coffee
+++ b/services/web/test/unit/coffee/User/UserPagesControllerTests.coffee
@ -10,7 +10,13 @@ describe "UserPagesController", ->

 	beforeEach ->

-		@settings = {}
+		@settings = {
+			apis:
+				v1:
+						url: 'some.host'
+						user: 'one'
+						pass: 'two'
+		}
 		@user =
 			_id: @user_id = "kwjewkl"
 			features:{}
@ -39,6 +45,7 @@ describe "UserPagesController", ->
 			"../Errors/ErrorController": @ErrorController
 			'../Dropbox/DropboxHandler': @DropboxHandler
 			'../Authentication/AuthenticationController': @AuthenticationController
+			'request': @request = sinon.stub()
 		@req =
 			query:{}
 			session:
@ -133,6 +140,7 @@ describe "UserPagesController", ->

 	describe "settingsPage", ->
 		beforeEach ->
+			@request.get = sinon.stub().callsArgWith(1, null, {statusCode: 200}, {has_password: true})
 			@UserGetter.getUser = sinon.stub().callsArgWith(1, null, @user)

 		it "should render user/settings", (done)->