From 5517adcbd1d7662fbfd1b4b8f6a48100dcd49f28 Mon Sep 17 00:00:00 2001 From: Simon Detheridge Date: Thu, 25 Apr 2019 15:21:47 +0100 Subject: [PATCH] Merge pull request #1726 from sharelatex/hb-sso-password-setting Check for password from v1 before showing password change form GitOrigin-RevId: 58ef0f9d3c8ce3ab7ca51d3538f1be13f05d4658 --- .../Features/User/UserPagesController.coffee | 36 +++++++++++++++---- services/web/app/views/user/settings.pug | 3 ++ .../User/UserPagesControllerTests.coffee | 10 +++++- 3 files changed, 41 insertions(+), 8 deletions(-) diff --git a/services/web/app/coffee/Features/User/UserPagesController.coffee b/services/web/app/coffee/Features/User/UserPagesController.coffee index c228831687..cbbbf87b23 100644 --- a/services/web/app/coffee/Features/User/UserPagesController.coffee +++ b/services/web/app/coffee/Features/User/UserPagesController.coffee @@ -3,10 +3,11 @@ UserSessionsManager = require("./UserSessionsManager") ErrorController = require("../Errors/ErrorController") logger = require("logger-sharelatex") Settings = require("settings-sharelatex") +request = require 'request' fs = require('fs') AuthenticationController = require('../Authentication/AuthenticationController') -module.exports = +module.exports = UserPagesController = registerPage : (req, res)-> sharedProjectData = 
@@ -72,12 +73,17 @@ module.exports = shouldAllowEditingDetails = !(Settings?.ldap?.updateUserDetailsOnLogin) and !(Settings?.saml?.updateUserDetailsOnLogin) UserGetter.getUser user_id, (err, user)-> return next(err) if err? - res.render 'user/settings', - title:'account_settings' - user: user, - shouldAllowEditingDetails: shouldAllowEditingDetails - languages: Settings.languages, - accountSettingsTabActive: true + + UserPagesController._hasPassword user, (err, passwordPresent) -> + if err + logger.err {err}, "error getting password status from v1" + res.render 'user/settings', + title:'account_settings' + user: user, + hasPassword: passwordPresent, + shouldAllowEditingDetails: shouldAllowEditingDetails + languages: Settings.languages, + accountSettingsTabActive: true sessionsPage: (req, res, next) -> user = AuthenticationController.getSessionUser(req) @@ -89,3 +95,19 @@ module.exports = res.render 'user/sessions', title: "sessions" sessions: sessions + + _hasPassword: (user, callback) -> + request.get { + url: "#{Settings.apis.v1.url}/api/v1/sharelatex/has_password" + auth: { user: Settings.apis.v1.user, pass: Settings.apis.v1.pass } + body: { user_id: user?.overleaf?.id } + timeout: 20 * 1000 + json: true + }, (err, response, body) -> + if err + # for errors assume password and show password setting form + return callback(err, true) + else if body?.has_password + return callback(err, true) + return callback(err, false) + diff --git a/services/web/app/views/user/settings.pug b/services/web/app/views/user/settings.pug index 92788e1b21..247a38c22e 100644 --- a/services/web/app/views/user/settings.pug +++ b/services/web/app/views/user/settings.pug @@ -88,6 +88,9 @@ block content if externalAuthenticationSystemUsed() && !settings.overleaf p Password settings are managed externally + else if !hasPassword + p + | #[a(href="/user/password/reset", target='_blank') #{translate("no_existing_password")}] else - var submitAction if settings.overleaf 
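Review bot: The new `logger.err {err}, "error getting password status from v1"` line does not record which account was affected, and rendering then continues with `passwordPresent` forced to true, so a v1 failure shows up only as an unattributed log entry. `user_id` is already in scope here, so I would log `logger.err {err, user_id}, "error getting password status from v1"`. The settings page also now waits on this lookup for every request, with the 20 second timeout set in `_hasPassword`, so a slow v1 delays the page for all users; a much shorter timeout seems appropriate for a value that only selects which form to show. `settingsPage` begins above this hunk.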
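Review bot: `_hasPassword` never inspects `response.statusCode`, so a 401, 404 or 500 from v1 arrives with `err` unset and falls through to `callback(err, false)`, which contradicts the comment "for errors assume password" and hides the change-password form. I would treat any non-2xx reply as an error: `return callback(err or new Error("v1 has_password returned #{response?.statusCode}"), true) if err? or not (200 <= response.statusCode < 300)`. A user with no `user.overleaf.id` is sent as `user_id: undefined`, and how v1 answers that is not visible here; `return callback(null, true) unless user?.overleaf?.id?` before the request removes that dependency. The id is also sent as a JSON body on a GET, which intermediaries may drop, so `qs: { user_id: user.overleaf.id }` is the safer form if the v1 endpoint accepts it.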
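Review bot: `else if !hasPassword` is also true when `hasPassword` is undefined, so any render of `user/settings` that does not pass the new local would show the reset link instead of the password form, the opposite of the controller's assume-a-password default. Whether other callers render this view is not visible here, but `else if hasPassword === false` keeps the form as the fallback either way. The added link uses `target='_blank'` with no `rel`; adding `rel='noopener'` is cheap even for a same-site target. The surrounding `if`/`else` chain continues outside the hunk.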
diff --git a/services/web/test/unit/coffee/User/UserPagesControllerTests.coffee b/services/web/test/unit/coffee/User/UserPagesControllerTests.coffee index 6555dce1e0..e7a039e130 100644 --- a/services/web/test/unit/coffee/User/UserPagesControllerTests.coffee +++ b/services/web/test/unit/coffee/User/UserPagesControllerTests.coffee @@ -10,7 +10,13 @@ describe "UserPagesController", -> beforeEach -> - @settings = {} + @settings = { + apis: + v1: + url: 'some.host' + user: 'one' + pass: 'two' + } @user = _id: @user_id = "kwjewkl" features:{} @@ -39,6 +45,7 @@ describe "UserPagesController", -> "../Errors/ErrorController": @ErrorController '../Dropbox/DropboxHandler': @DropboxHandler '../Authentication/AuthenticationController': @AuthenticationController + 'request': @request = sinon.stub() @req = query:{} session: @@ -133,6 +140,7 @@ describe "UserPagesController", -> describe "settingsPage", -> beforeEach -> + @request.get = sinon.stub().callsArgWith(1, null, {statusCode: 200}, {has_password: true}) @UserGetter.getUser = sinon.stub().callsArgWith(1, null, @user) it "should render user/settings", (done)->
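Review bot: The only `request.get` stub added in the `settingsPage` `beforeEach` answers 200 with `{has_password: true}`, so the `has_password: false` branch, the transport-error branch and a non-200 reply from v1 are never exercised. Nothing visible here asserts the `hasPassword` local given to `res.render` either. I would add cases that stub `@request.get` with `sinon.stub().callsArgWith(1, new Error("v1 down"))` and with `{has_password: false}`, each checking the rendered `hasPassword` value, so the fail-open behaviour is pinned by a test. The `describe "settingsPage"` block continues past the end of the hunk.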