Merge pull request #1479 from sharelatex/sk-check-read-token-against-v1

Check generated read-tokens against v1 GitOrigin-RevId: 15749a41a295c0401b0a39968f2c3657f8abebb8
2024-11-07 20:31:06 -05:00 · 2019-02-11 11:24:23 +00:00 · 2019-02-11 11:24:23 +00:00 · 7dcc807caf
commit 7dcc807caf
parent 78b79999e9
4 changed files with 46 additions and 9 deletions
--- a/services/web/app/coffee/Features/Project/ProjectDetailsHandler.coffee
+++ b/services/web/app/coffee/Features/Project/ProjectDetailsHandler.coffee
@ -11,6 +11,7 @@ ProjectTokenGenerator = require('./ProjectTokenGenerator')
 ProjectHelper = require('./ProjectHelper')
 settings = require('settings-sharelatex')

+
 module.exports = ProjectDetailsHandler =
 	getDetails: (project_id, callback)->
 		ProjectGetter.getProject project_id, {name:true, description:true, compiler:true, features:true, owner_ref:true, overleaf:true}, (err, project)->
@ -130,11 +131,21 @@ module.exports = ProjectDetailsHandler =
 					has_readOnly: project?.tokens?.readOnly?,
 					has_readAndWrite: project?.tokens?.readAndWrite?
 				}, "generating tokens for project"
-				tokens = project.tokens || {}
-				if !tokens.readOnly?
-					tokens.readOnly = ProjectTokenGenerator.readOnlyToken()
-				if !tokens.readAndWrite?
-					tokens.readAndWrite = ProjectTokenGenerator.readAndWriteToken()
-				Project.update {_id: project_id}, {$set: {tokens: tokens}}, (err) ->
+				ProjectDetailsHandler._generateTokens project, (err) ->
 					return callback(err) if err?
-					callback(null, tokens)
+					Project.update {_id: project_id}, {$set: {tokens: project.tokens}}, (err) ->
+						return callback(err) if err?
+						callback(null, project.tokens)
+
+	_generateTokens: (project, callback=(err)->) ->
+		project.tokens ||= {}
+		tokens = project.tokens
+		if !tokens.readAndWrite?
+			tokens.readAndWrite = ProjectTokenGenerator.readAndWriteToken()
+		if !tokens.readOnly?
+			ProjectTokenGenerator.generateUniqueReadOnlyToken (err, token) ->
+				return callback(err) if err?
+				tokens.readOnly = token
+				callback()
+		else
+			callback()
--- a/services/web/app/coffee/Features/Project/ProjectTokenGenerator.coffee
+++ b/services/web/app/coffee/Features/Project/ProjectTokenGenerator.coffee
@ -1,4 +1,8 @@
 crypto = require 'crypto'
+V1Api = require('../V1/V1Api')
+Async = require('async')
+logger = require('logger-sharelatex')
+

 # This module mirrors the token generation in Overleaf (`random_token.rb`),
 # for the purposes of implementing token-based project access, like the
@ -41,3 +45,22 @@ module.exports = ProjectTokenGenerator =
 		)
 		fullToken = "#{numerics}#{token}"
 		return fullToken
+
+	generateUniqueReadOnlyToken: (callback=(err, token)->) ->
+		Async.retry 10
+			, (cb) ->
+				token = ProjectTokenGenerator.readOnlyToken()
+				logger.log {token}, "Generated read-only token"
+				V1Api.request {
+					url: "/api/v1/sharelatex/docs/read_token/#{token}/exists",
+					json: true
+				}, (err, response, body) ->
+					return cb(err) if err?
+					if response.statusCode != 200
+						return cb(new Error("non-200 response from v1 read-token-exists api: #{response.statusCode}"))
+					if body.exists == true
+						cb(new Error("token already exists in v1: #{token}"))
+					else
+						logger.log {token}, "Read-only token does not exist in v1, good to use"
+						cb(null, token)
+			, callback
--- a/services/web/test/acceptance/coffee/helpers/MockV1Api.coffee
+++ b/services/web/test/acceptance/coffee/helpers/MockV1Api.coffee
@ -162,6 +162,9 @@ module.exports = MockV1Api =
 			return res.json @doc_exported[req.params.token] if @doc_exported[req.params.token]?
 			res.json { exporting: false, exported: false }

+		app.get '/api/v1/sharelatex/docs/read_token/:token/exists', (req, res, next) =>
+			res.json { exists: false }
+
 		app.listen 5000, (error) ->
 			throw error if error?
 		.on "error", (error) ->
--- a/services/web/test/unit/coffee/Project/ProjectDetailsHandlerTests.coffee
+++ b/services/web/test/unit/coffee/Project/ProjectDetailsHandlerTests.coffee
@ -317,7 +317,7 @@ describe 'ProjectDetailsHandler', ->
 					.callsArgWith(2, null, @project)
 				@readOnlyToken = 'abc'
 				@readAndWriteToken = '42def'
-				@ProjectTokenGenerator.readOnlyToken = sinon.stub().returns(@readOnlyToken)
+				@ProjectTokenGenerator.generateUniqueReadOnlyToken = sinon.stub().callsArgWith(0, null, @readOnlyToken)
 				@ProjectTokenGenerator.readAndWriteToken = sinon.stub().returns(@readAndWriteToken)
 				@ProjectModel.update = sinon.stub()
 					.callsArgWith(2, null)
@ -331,7 +331,7 @@ describe 'ProjectDetailsHandler', ->

 			it 'should update the project with new tokens', (done) ->
 				@handler.ensureTokensArePresent @project_id, (err, tokens) =>
-					expect(@ProjectTokenGenerator.readOnlyToken.callCount)
+					expect(@ProjectTokenGenerator.generateUniqueReadOnlyToken.callCount)
 						.to.equal 1
 					expect(@ProjectTokenGenerator.readAndWriteToken.callCount)
 						.to.equal 1