From 652f0cb0b7ac18552757f9fe4c4d7de0df994bae Mon Sep 17 00:00:00 2001
From: Jakob Ackermann <jakob.ackermann@overleaf.com>
Date: Wed, 7 Feb 2024 11:27:16 +0000
Subject: [PATCH] Merge pull request #16960 from
 overleaf/jpa-server-pro-hotfix-4-2-2

[server-pro] add hotfix 4.2.2

GitOrigin-RevId: 61e7866798b3e263cabea4d32bc08957760013bf
---
 server-ce/hotfix/4.2.2/Dockerfile     |  5 ++++
 server-ce/hotfix/4.2.2/pr_16956.patch | 34 +++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 server-ce/hotfix/4.2.2/Dockerfile
 create mode 100644 server-ce/hotfix/4.2.2/pr_16956.patch

diff --git a/server-ce/hotfix/4.2.2/Dockerfile b/server-ce/hotfix/4.2.2/Dockerfile
new file mode 100644
index 0000000000..4af80fa0d3
--- /dev/null
+++ b/server-ce/hotfix/4.2.2/Dockerfile
@@ -0,0 +1,5 @@
+FROM sharelatex/sharelatex:4.2.1
+
+# Patch: https://github.com/overleaf/internal/pull/16956
+COPY pr_16956.patch .
+RUN patch -p0 < pr_16956.patch
diff --git a/server-ce/hotfix/4.2.2/pr_16956.patch b/server-ce/hotfix/4.2.2/pr_16956.patch
new file mode 100644
index 0000000000..884f2a6c96
--- /dev/null
+++ b/server-ce/hotfix/4.2.2/pr_16956.patch
@@ -0,0 +1,34 @@
+--- services/web/app/src/Features/Editor/EditorHttpController.js
++++ services/web/app/src/Features/Editor/EditorHttpController.js
+@@ -8,7 +8,6 @@ const CollaboratorsGetter = require('../Collaborators/CollaboratorsGetter')
+ const CollaboratorsInviteHandler = require('../Collaborators/CollaboratorsInviteHandler')
+ const CollaboratorsHandler = require('../Collaborators/CollaboratorsHandler')
+ const PrivilegeLevels = require('../Authorization/PrivilegeLevels')
+-const TokenAccessHandler = require('../TokenAccess/TokenAccessHandler')
+ const SessionManager = require('../Authentication/SessionManager')
+ const Errors = require('../Errors/Errors')
+ const DocstoreManager = require('../Docstore/DocstoreManager')
+@@ -178,7 +177,7 @@ async function _buildJoinProjectView(req, projectId, userId) {
+     await CollaboratorsGetter.promises.getInvitedMembersWithPrivilegeLevels(
+       projectId
+     )
+-  const token = TokenAccessHandler.getRequestToken(req, projectId)
++  const token = req.headers['x-sl-anonymous-access-token']
+   const privilegeLevel =
+     await AuthorizationManager.promises.getPrivilegeLevelForProject(
+       userId,
+--- services/web/app/src/Features/TokenAccess/TokenAccessHandler.js
++++ services/web/app/src/Features/TokenAccess/TokenAccessHandler.js
+@@ -213,10 +213,9 @@ const TokenAccessHandler = {
+
+   getRequestToken(req, projectId) {
+     const token =
+-      (req.session &&
+-        req.session.anonTokenAccess &&
+-        req.session.anonTokenAccess[projectId.toString()]) ||
+-      req.headers['x-sl-anonymous-access-token']
++      req.session &&
++      req.session.anonTokenAccess &&
++      req.session.anonTokenAccess[projectId.toString()]
+     return token
+   },