mirror of
https://github.com/overleaf/overleaf.git
synced 2024-12-27 05:23:44 +00:00
Add a setting to enable anonymous read-and-write link sharing
This commit is contained in:
parent
9c247d5f59
commit
7d2bde85ff
9 changed files with 253 additions and 81 deletions
|
@ -35,15 +35,23 @@ module.exports = AuthorizationManager =
|
|||
return callback(err) if err?
|
||||
if publicAccessLevel == PublicAccessLevels.TOKEN_BASED
|
||||
# Anonymous users can have read-only access to token-based projects,
|
||||
# while read-write access must be logged in
|
||||
TokenAccessHandler.isValidReadOnlyToken project_id, token, (err, isValid) ->
|
||||
return callback(err) if err?
|
||||
if isValid
|
||||
# Grant anonymous user read-only access
|
||||
callback null, PrivilegeLevels.READ_ONLY, false
|
||||
else
|
||||
# Deny anonymous user access
|
||||
callback null, PrivilegeLevels.NONE, false
|
||||
# while read-write access must be logged in,
|
||||
# unless the `enableAnonymousReadAndWriteSharing` setting is enabled
|
||||
TokenAccessHandler.isValidToken project_id, token,
|
||||
(err, isValidReadAndWrite, isValidReadOnly) ->
|
||||
return callback(err) if err?
|
||||
if isValidReadOnly
|
||||
# Grant anonymous user read-only access
|
||||
callback null, PrivilegeLevels.READ_ONLY, false
|
||||
else if (
|
||||
isValidReadAndWrite and
|
||||
TokenAccessHandler.ANONYMOUS_READ_AND_WRITE_ENABLED
|
||||
)
|
||||
# Grant anonymous user read-and-write access
|
||||
callback null, PrivilegeLevels.READ_AND_WRITE, false
|
||||
else
|
||||
# Deny anonymous access
|
||||
callback null, PrivilegeLevels.NONE, false
|
||||
else if publicAccessLevel == PublicAccessLevels.READ_ONLY
|
||||
# Legacy public read-only access for anonymous user
|
||||
callback null, PrivilegeLevels.READ_ONLY, true
|
||||
|
|
|
@ -4,7 +4,6 @@ TokenAccessHandler = require './TokenAccessHandler'
|
|||
Errors = require '../Errors/Errors'
|
||||
logger = require 'logger-sharelatex'
|
||||
|
||||
|
||||
module.exports = TokenAccessController =
|
||||
|
||||
_loadEditor: (projectId, req, res, next) ->
|
||||
|
@ -23,6 +22,10 @@ module.exports = TokenAccessController =
|
|||
if !project?
|
||||
logger.log {token, userId},
|
||||
"no project found for readAndWrite token"
|
||||
if !userId?
|
||||
logger.log {token},
|
||||
"No project found with read-write token, anonymous user"
|
||||
return next(new Errors.NotFoundError())
|
||||
TokenAccessHandler
|
||||
.findPrivateOverleafProjectWithReadAndWriteToken token, (err, project) ->
|
||||
if err?
|
||||
|
@ -36,6 +39,17 @@ module.exports = TokenAccessController =
|
|||
logger.log {token, projectId: project._id}, "redirecting user to project"
|
||||
res.redirect(302, "/project/#{project._id}")
|
||||
else
|
||||
if !userId?
|
||||
if TokenAccessHandler.ANONYMOUS_READ_AND_WRITE_ENABLED
|
||||
logger.log {token, projectId: project._id},
|
||||
"allow anonymous read-and-write token access"
|
||||
TokenAccessHandler.grantSessionTokenAccess(req, project._id, token)
|
||||
req._anonToken = token
|
||||
return TokenAccessController._loadEditor(project._id, req, res, next)
|
||||
else
|
||||
logger.log {token, projectId: project._id},
|
||||
"deny anonymous read-and-write token access"
|
||||
return next(new Errors.NotFoundError())
|
||||
if project.owner_ref.toString() == userId
|
||||
logger.log {userId, projectId: project._id},
|
||||
"user is already project owner"
|
||||
|
@ -65,7 +79,7 @@ module.exports = TokenAccessController =
|
|||
if !userId?
|
||||
logger.log {userId, projectId: project._id},
|
||||
"adding anonymous user to project with readOnly token"
|
||||
TokenAccessHandler.grantSessionReadOnlyTokenAccess(req, project._id, token)
|
||||
TokenAccessHandler.grantSessionTokenAccess(req, project._id, token)
|
||||
req._anonToken = token
|
||||
return TokenAccessController._loadEditor(project._id, req, res, next)
|
||||
else
|
||||
|
@ -80,7 +94,6 @@ module.exports = TokenAccessController =
|
|||
logger.err {err, token, userId, projectId: project._id},
|
||||
"error adding user to project with readAndWrite token"
|
||||
return next(err)
|
||||
req.params.Project_id = project._id.toString()
|
||||
return ProjectController.loadEditor(req, res, next)
|
||||
return TokenAccessController._loadEditor(project._id, req, res, next)
|
||||
|
||||
|
||||
|
|
|
@ -1,9 +1,13 @@
|
|||
Project = require('../../models/Project').Project
|
||||
PublicAccessLevels = require '../Authorization/PublicAccessLevels'
|
||||
ObjectId = require("mongojs").ObjectId
|
||||
Settings = require('settings-sharelatex')
|
||||
|
||||
module.exports = TokenAccessHandler =
|
||||
|
||||
ANONYMOUS_READ_AND_WRITE_ENABLED:
|
||||
Settings.allowAnonymousReadAndWriteSharing == true
|
||||
|
||||
findProjectWithReadOnlyToken: (token, callback=(err, project)->) ->
|
||||
Project.findOne {
|
||||
'tokens.readOnly': token,
|
||||
|
@ -41,28 +45,30 @@ module.exports = TokenAccessHandler =
|
|||
$addToSet: {tokenAccessReadAndWrite_refs: userId}
|
||||
}, callback
|
||||
|
||||
grantSessionReadOnlyTokenAccess: (req, projectId, token) ->
|
||||
grantSessionTokenAccess: (req, projectId, token) ->
|
||||
if req.session?
|
||||
if !req.session.anonReadOnlyTokenAccess?
|
||||
req.session.anonReadOnlyTokenAccess = {}
|
||||
req.session.anonReadOnlyTokenAccess[projectId.toString()] = token.toString()
|
||||
if !req.session.anonTokenAccess?
|
||||
req.session.anonTokenAccess = {}
|
||||
req.session.anonTokenAccess[projectId.toString()] = token.toString()
|
||||
|
||||
getRequestToken: (req, projectId) ->
|
||||
token = (
|
||||
req?.session?.anonReadOnlyTokenAccess?[projectId.toString()] or
|
||||
req?.session?.anonTokenAccess?[projectId.toString()] or
|
||||
req?.headers['x-sl-anon-token']
|
||||
)
|
||||
return token
|
||||
|
||||
isValidReadOnlyToken: (projectId, token, callback=(err, allowed)->) ->
|
||||
isValidToken: (projectId, token, callback=(err, isValidReadAndWrite, isValidReadOnly)->) ->
|
||||
if !token
|
||||
return callback null, false
|
||||
TokenAccessHandler.findProjectWithReadOnlyToken token, (err, project) ->
|
||||
return callback null, false, false
|
||||
_validate = (project) ->
|
||||
project? and
|
||||
project.publicAccesLevel == PublicAccessLevels.TOKEN_BASED and
|
||||
project._id.toString() == projectId.toString()
|
||||
TokenAccessHandler.findProjectWithReadAndWriteToken token, (err, readAndWriteProject) ->
|
||||
return callback(err) if err?
|
||||
isAllowed = (
|
||||
project? and
|
||||
project.publicAccesLevel == PublicAccessLevels.TOKEN_BASED and
|
||||
project._id.toString() == projectId.toString()
|
||||
)
|
||||
callback null, isAllowed
|
||||
|
||||
isValidReadAndWrite = _validate(readAndWriteProject)
|
||||
TokenAccessHandler.findProjectWithReadOnlyToken token, (err, readOnlyProject) ->
|
||||
return callback(err) if err?
|
||||
isValidReadOnly = _validate(readOnlyProject)
|
||||
callback null, isValidReadAndWrite, isValidReadOnly
|
||||
|
|
|
@ -343,7 +343,6 @@ module.exports = class Router
|
|||
TokenAccessController.readOnlyToken
|
||||
|
||||
webRouter.get '/:read_and_write_token([0-9]+[a-z]+)',
|
||||
AuthenticationController.requireLogin(),
|
||||
TokenAccessController.readAndWriteToken
|
||||
|
||||
webRouter.get '*', ErrorController.notFound
|
||||
|
|
|
@ -16,6 +16,11 @@ httpAuthUsers[httpAuthUser] = httpAuthPass
|
|||
sessionSecret = "secret-please-change"
|
||||
|
||||
module.exports = settings =
|
||||
|
||||
allowAnonymousReadAndWriteSharing:
|
||||
process.env['SHARELATEX_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING'] == 'true'
|
||||
|
||||
|
||||
# File storage
|
||||
# ------------
|
||||
#
|
||||
|
|
|
@ -14,7 +14,7 @@ describe "AuthorizationManager", ->
|
|||
"../../models/User": User: @User = {}
|
||||
"../Errors/Errors": Errors
|
||||
"../TokenAccess/TokenAccessHandler": @TokenAccessHandler = {
|
||||
isValidReadOnlyToken: sinon.stub().callsArgWith(2, null, false)
|
||||
isValidToken: sinon.stub().callsArgWith(2, null, false, false)
|
||||
}
|
||||
@user_id = "user-id-1"
|
||||
@project_id = "project-id-1"
|
||||
|
|
|
@ -463,7 +463,7 @@ describe "TokenAccessController", ->
|
|||
describe 'anonymous', ->
|
||||
beforeEach ->
|
||||
@AuthenticationController.getLoggedInUserId = sinon.stub().returns(null)
|
||||
@TokenAccessHandler.grantSessionReadOnlyTokenAccess = sinon.stub()
|
||||
@TokenAccessHandler.grantSessionTokenAccess = sinon.stub()
|
||||
|
||||
describe 'when all goes well', ->
|
||||
beforeEach ->
|
||||
|
@ -486,9 +486,9 @@ describe "TokenAccessController", ->
|
|||
done()
|
||||
|
||||
it 'should give the user session read-only access', (done) ->
|
||||
expect(@TokenAccessHandler.grantSessionReadOnlyTokenAccess.callCount)
|
||||
expect(@TokenAccessHandler.grantSessionTokenAccess.callCount)
|
||||
.to.equal 1
|
||||
expect(@TokenAccessHandler.grantSessionReadOnlyTokenAccess.calledWith(
|
||||
expect(@TokenAccessHandler.grantSessionTokenAccess.calledWith(
|
||||
@req, @projectId, @readOnlyToken
|
||||
))
|
||||
.to.equal true
|
||||
|
@ -527,7 +527,7 @@ describe "TokenAccessController", ->
|
|||
done()
|
||||
|
||||
it 'should not give the user session read-only access', (done) ->
|
||||
expect(@TokenAccessHandler.grantSessionReadOnlyTokenAccess.callCount)
|
||||
expect(@TokenAccessHandler.grantSessionTokenAccess.callCount)
|
||||
.to.equal 0
|
||||
done()
|
||||
|
||||
|
@ -567,7 +567,7 @@ describe "TokenAccessController", ->
|
|||
done()
|
||||
|
||||
it 'should not give the user session read-only access', (done) ->
|
||||
expect(@TokenAccessHandler.grantSessionReadOnlyTokenAccess.callCount)
|
||||
expect(@TokenAccessHandler.grantSessionTokenAccess.callCount)
|
||||
.to.equal 0
|
||||
done()
|
||||
|
||||
|
|
|
@ -19,6 +19,7 @@ describe "TokenAccessHandler", ->
|
|||
@req = {}
|
||||
@TokenAccessHandler = SandboxedModule.require modulePath, requires:
|
||||
'../../models/Project': {Project: @Project = {}}
|
||||
'settings-sharelatex': {}
|
||||
|
||||
|
||||
describe 'findProjectWithReadOnlyToken', ->
|
||||
|
@ -175,98 +176,187 @@ describe "TokenAccessHandler", ->
|
|||
done()
|
||||
|
||||
|
||||
describe 'grantSessionReadOnlyTokenAccess', ->
|
||||
describe 'grantSessionTokenAccess', ->
|
||||
beforeEach ->
|
||||
@req = {session: {}, headers: {}}
|
||||
|
||||
it 'should add the token to the session', (done) ->
|
||||
@TokenAccessHandler.grantSessionReadOnlyTokenAccess(@req, @projectId, @token)
|
||||
expect(@req.session.anonReadOnlyTokenAccess[@projectId.toString()])
|
||||
@TokenAccessHandler.grantSessionTokenAccess(@req, @projectId, @token)
|
||||
expect(@req.session.anonTokenAccess[@projectId.toString()])
|
||||
.to.equal @token
|
||||
done()
|
||||
|
||||
|
||||
describe 'isValidReadOnlyToken', ->
|
||||
beforeEach ->
|
||||
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
|
||||
.callsArgWith(1, null, @project)
|
||||
|
||||
it 'should call findProjectWithReadOnlyToken', (done) ->
|
||||
@TokenAccessHandler.isValidReadOnlyToken @projectId, @token, (err, allowed) =>
|
||||
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
|
||||
.to.equal 1
|
||||
done()
|
||||
|
||||
it 'should allow access', (done) ->
|
||||
@TokenAccessHandler.isValidReadOnlyToken @projectId, @token, (err, allowed) =>
|
||||
expect(err).to.not.exist
|
||||
expect(allowed).to.equal true
|
||||
done()
|
||||
|
||||
describe 'when no project is found', ->
|
||||
|
||||
|
||||
describe 'isValidToken', ->
|
||||
|
||||
describe 'when a read-only project is found', ->
|
||||
|
||||
beforeEach ->
|
||||
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
|
||||
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
|
||||
.callsArgWith(1, null, null)
|
||||
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
|
||||
.callsArgWith(1, null, @project)
|
||||
|
||||
it 'should call findProjectWithReadOnlyToken', (done) ->
|
||||
@TokenAccessHandler.isValidReadOnlyToken @projectId, @token, (err, allowed) =>
|
||||
it 'should try to find projects with both kinds of token', (done) ->
|
||||
@TokenAccessHandler.isValidToken @projectId, @token, (err, allowed) =>
|
||||
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.callCount)
|
||||
.to.equal 1
|
||||
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
|
||||
.to.equal 1
|
||||
done()
|
||||
|
||||
it 'should not allow access', (done) ->
|
||||
@TokenAccessHandler.isValidReadOnlyToken @req, @projectId, (err, allowed) =>
|
||||
it 'should allow read-only access', (done) ->
|
||||
@TokenAccessHandler.isValidToken @projectId, @token, (err, rw, ro) =>
|
||||
expect(err).to.not.exist
|
||||
expect(allowed).to.equal false
|
||||
expect(rw).to.equal false
|
||||
expect(ro).to.equal true
|
||||
done()
|
||||
|
||||
describe 'when no findProject produces an error', ->
|
||||
describe 'when a read-and-write project is found', ->
|
||||
|
||||
beforeEach ->
|
||||
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
|
||||
.callsArgWith(1, null, @project)
|
||||
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
|
||||
.callsArgWith(1, null, null)
|
||||
|
||||
it 'should try to find projects with both kinds of token', (done) ->
|
||||
@TokenAccessHandler.isValidToken @projectId, @token, (err, allowed) =>
|
||||
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.callCount)
|
||||
.to.equal 1
|
||||
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
|
||||
.to.equal 1
|
||||
done()
|
||||
|
||||
it 'should allow read-and-write access', (done) ->
|
||||
@TokenAccessHandler.isValidToken @projectId, @token, (err, rw, ro) =>
|
||||
expect(err).to.not.exist
|
||||
expect(rw).to.equal true
|
||||
expect(ro).to.equal false
|
||||
done()
|
||||
|
||||
describe 'when no project is found', ->
|
||||
beforeEach ->
|
||||
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
|
||||
.callsArgWith(1, null, null)
|
||||
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
|
||||
.callsArgWith(1, null, null)
|
||||
|
||||
it 'should try to find projects with both kinds of token', (done) ->
|
||||
@TokenAccessHandler.isValidToken @projectId, @token, (err, allowed) =>
|
||||
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.callCount)
|
||||
.to.equal 1
|
||||
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
|
||||
.to.equal 1
|
||||
done()
|
||||
|
||||
it 'should not allow any access', (done) ->
|
||||
@TokenAccessHandler.isValidToken @projectId, @token, (err, rw, ro) =>
|
||||
expect(err).to.not.exist
|
||||
expect(rw).to.equal false
|
||||
expect(ro).to.equal false
|
||||
done()
|
||||
|
||||
describe 'when findProject produces an error', ->
|
||||
beforeEach ->
|
||||
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
|
||||
.callsArgWith(1, null, null)
|
||||
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
|
||||
.callsArgWith(1, new Error('woops'))
|
||||
|
||||
it 'should call findProjectWithReadOnlyToken', (done) ->
|
||||
@TokenAccessHandler.isValidReadOnlyToken @projectId, @token, (err, allowed) =>
|
||||
it 'should try to find projects with both kinds of token', (done) ->
|
||||
@TokenAccessHandler.isValidToken @projectId, @token, (err, allowed) =>
|
||||
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.callCount)
|
||||
.to.equal 1
|
||||
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
|
||||
.to.equal 1
|
||||
done()
|
||||
|
||||
it 'should produce an error and not allow access', (done) ->
|
||||
@TokenAccessHandler.isValidReadOnlyToken @projectId, @token, (err, allowed) =>
|
||||
@TokenAccessHandler.isValidToken @projectId, @token, (err, rw, ro) =>
|
||||
expect(err).to.exist
|
||||
expect(err).to.be.instanceof Error
|
||||
expect(allowed).to.equal undefined
|
||||
expect(rw).to.equal undefined
|
||||
expect(ro).to.equal undefined
|
||||
done()
|
||||
|
||||
describe 'when project is not set to token-based access', ->
|
||||
beforeEach ->
|
||||
@project.publicAccesLevel = 'private'
|
||||
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
|
||||
.callsArgWith(1, null, @project)
|
||||
|
||||
it 'should call findProjectWithReadOnlyToken', (done) ->
|
||||
@TokenAccessHandler.isValidReadOnlyToken @projectId, @token, (err, allowed) =>
|
||||
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
|
||||
.to.equal 1
|
||||
done()
|
||||
describe 'for read-and-write project', ->
|
||||
beforeEach ->
|
||||
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
|
||||
.callsArgWith(1, null, @project)
|
||||
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
|
||||
.callsArgWith(1, null, null)
|
||||
|
||||
it 'should not allow access', (done) ->
|
||||
@TokenAccessHandler.isValidReadOnlyToken @projectId, @token, (err, allowed) =>
|
||||
expect(err).to.not.exist
|
||||
expect(allowed).to.equal false
|
||||
done()
|
||||
it 'should try to find projects with both kinds of token', (done) ->
|
||||
@TokenAccessHandler.isValidToken @projectId, @token, (err, allowed) =>
|
||||
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.callCount)
|
||||
.to.equal 1
|
||||
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
|
||||
.to.equal 1
|
||||
done()
|
||||
|
||||
it 'should not allow any access', (done) ->
|
||||
@TokenAccessHandler.isValidToken @projectId, @token, (err, rw, ro) =>
|
||||
expect(err).to.not.exist
|
||||
expect(rw).to.equal false
|
||||
expect(ro).to.equal false
|
||||
done()
|
||||
|
||||
describe 'for read-only project', ->
|
||||
beforeEach ->
|
||||
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
|
||||
.callsArgWith(1, null, null)
|
||||
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
|
||||
.callsArgWith(1, null, @project)
|
||||
|
||||
it 'should try to find projects with both kinds of token', (done) ->
|
||||
@TokenAccessHandler.isValidToken @projectId, @token, (err, allowed) =>
|
||||
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.callCount)
|
||||
.to.equal 1
|
||||
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
|
||||
.to.equal 1
|
||||
done()
|
||||
|
||||
it 'should not allow any access', (done) ->
|
||||
@TokenAccessHandler.isValidToken @projectId, @token, (err, rw, ro) =>
|
||||
expect(err).to.not.exist
|
||||
expect(rw).to.equal false
|
||||
expect(ro).to.equal false
|
||||
done()
|
||||
|
||||
describe 'with nothing', ->
|
||||
beforeEach ->
|
||||
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
|
||||
.callsArgWith(1, null, @project)
|
||||
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
|
||||
.callsArgWith(1, null, null)
|
||||
|
||||
it 'should not call findProjectWithReadOnlyToken', (done) ->
|
||||
@TokenAccessHandler.isValidReadOnlyToken @projectId, null, (err, allowed) =>
|
||||
@TokenAccessHandler.isValidToken @projectId, null, (err, allowed) =>
|
||||
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
|
||||
.to.equal 0
|
||||
done()
|
||||
|
||||
it 'should not allow access', (done) ->
|
||||
@TokenAccessHandler.isValidReadOnlyToken @req, @projectId, (err, allowed) =>
|
||||
expect(err).to.not.exist
|
||||
expect(allowed).to.equal false
|
||||
it 'should try to find projects with both kinds of token', (done) ->
|
||||
@TokenAccessHandler.isValidToken @projectId, null, (err, allowed) =>
|
||||
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.callCount)
|
||||
.to.equal 0
|
||||
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
|
||||
.to.equal 0
|
||||
done()
|
||||
|
||||
it 'should not allow any access', (done) ->
|
||||
@TokenAccessHandler.isValidToken @projectId, null, (err, rw, ro) =>
|
||||
expect(err).to.not.exist
|
||||
expect(rw).to.equal false
|
||||
expect(ro).to.equal false
|
||||
done()
|
||||
|
|
|
@ -241,6 +241,57 @@ describe 'TokenAccess', ->
|
|||
expect(body.privilegeLevel).to.equal false
|
||||
, done)
|
||||
|
||||
if !settings.allowAnonymousReadAndWriteSharing
|
||||
console.log ">> Skipping anonymous read-write token tests"
|
||||
else
|
||||
describe 'anonymous read-and-write token', ->
|
||||
before (done) ->
|
||||
@owner.createProject 'token-anon-rw-test#{Math.random()}', (err, project_id) =>
|
||||
return done(err) if err?
|
||||
@project_id = project_id
|
||||
@owner.makeTokenBased @project_id, (err) =>
|
||||
return done(err) if err?
|
||||
@owner.getProject @project_id, (err, project) =>
|
||||
return done(err) if err?
|
||||
@tokens = project.tokens
|
||||
done()
|
||||
|
||||
it 'should deny access before the token is used', (done) ->
|
||||
try_read_access(@anon, @project_id, (response, body) =>
|
||||
expect(response.statusCode).to.equal 302
|
||||
expect(body).to.match /.*\/restricted.*/
|
||||
, done)
|
||||
|
||||
it 'should allow the user to access project via read-and-write token url', (done) ->
|
||||
try_read_and_write_token_access(@anon, @tokens.readAndWrite, (response, body) =>
|
||||
expect(response.statusCode).to.equal 200
|
||||
, done)
|
||||
|
||||
it 'should allow the user to anonymously join the project with read-and-write access', (done) ->
|
||||
try_anon_content_access(@anon, @project_id, @tokens.readAndWrite, (response, body) =>
|
||||
expect(body.privilegeLevel).to.equal 'readAndWrite'
|
||||
, done)
|
||||
|
||||
describe 'made private again', ->
|
||||
before (done) ->
|
||||
@owner.makePrivate @project_id, () -> setTimeout(done, 1000)
|
||||
|
||||
it 'should deny access to project', (done) ->
|
||||
try_read_access(@anon, @project_id, (response, body) =>
|
||||
expect(response.statusCode).to.equal 302
|
||||
expect(body).to.match /.*\/restricted.*/
|
||||
, done)
|
||||
|
||||
it 'should not allow the user to access read-and-write token', (done) ->
|
||||
try_read_and_write_token_access(@anon, @tokens.readAndWrite, (response, body) =>
|
||||
expect(response.statusCode).to.equal 404
|
||||
, done)
|
||||
|
||||
it 'should not allow the user to join the project', (done) ->
|
||||
try_anon_content_access(@anon, @project_id, @tokens.readAndWrite, (response, body) =>
|
||||
expect(body.privilegeLevel).to.equal false
|
||||
, done)
|
||||
|
||||
|
||||
describe 'private overleaf project', ->
|
||||
before (done) ->
|
||||
|
|
Loading…
Reference in a new issue