redirect users to /register when coming from templates or share url
redirect to /login when going anywhere else (/project /project/1234)
This commit is contained in:
parent
efe8667e5e
commit
804bc16bc8
4 changed files with 81 additions and 23 deletions
|
@ -71,18 +71,33 @@ module.exports = AuthenticationController =
|
||||||
if load_from_db
|
if load_from_db
|
||||||
AuthenticationController.getLoggedInUser req, { allow_auth_token: options.allow_auth_token }, (error, user) ->
|
AuthenticationController.getLoggedInUser req, { allow_auth_token: options.allow_auth_token }, (error, user) ->
|
||||||
return next(error) if error?
|
return next(error) if error?
|
||||||
return AuthenticationController._redirectToRegisterPage(req, res) if !user?
|
return AuthenticationController._redirectToLoginOrRegisterPage(req, res) if !user?
|
||||||
req.user = user
|
req.user = user
|
||||||
return next()
|
return next()
|
||||||
else
|
else
|
||||||
if !req.session.user?
|
if !req.session.user?
|
||||||
return AuthenticationController._redirectToRegisterPage(req, res)
|
AuthenticationController._redirectToLoginOrRegisterPage(req, res)
|
||||||
else
|
else
|
||||||
req.user = req.session.user
|
req.user = req.session.user
|
||||||
return next()
|
return next()
|
||||||
|
|
||||||
return doRequest
|
return doRequest
|
||||||
|
|
||||||
|
|
||||||
|
_redirectToLoginOrRegisterPage: (req, res)->
|
||||||
|
if req.query.zipUrl? or req.query.project_name?
|
||||||
|
return AuthenticationController._redirectToRegisterPage(req, res)
|
||||||
|
else
|
||||||
|
AuthenticationController._redirectToLoginPage(req, res)
|
||||||
|
|
||||||
|
|
||||||
|
_redirectToLoginPage: (req, res) ->
|
||||||
|
logger.log url: req.url, "user not logged in so redirecting to login page"
|
||||||
|
req.query.redir = req.path
|
||||||
|
url = "/login?#{querystring.stringify(req.query)}"
|
||||||
|
res.redirect url
|
||||||
|
Metrics.inc "security.login-redirect"
|
||||||
|
|
||||||
_redirectToRegisterPage: (req, res) ->
|
_redirectToRegisterPage: (req, res) ->
|
||||||
logger.log url: req.url, "user not logged in so redirecting to register page"
|
logger.log url: req.url, "user not logged in so redirecting to register page"
|
||||||
req.query.redir = req.path
|
req.query.redir = req.path
|
||||||
|
|
|
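Review bot: `_redirectToLoginPage` copies the whole incoming `req.query` into the redirect target (`url = "/login?#{querystring.stringify(req.query)}"`) and logs `req.url` verbatim, so every caller-supplied parameter is echoed into the `Location` header and into the log line; if requests made with `allow_auth_token` carry the token as a query parameter, that token would be forwarded and logged as well. Consider dropping credential-like keys from the copied query before stringifying, and documenting which parameters are intentionally preserved (the tests expect an `extra_query` value to survive). `_redirectToRegisterPage`, whose body continues outside the hunk, appears to share the same structure, so one helper taking the destination path would keep the two in step. `_redirectToLoginOrRegisterPage` also keys the register/login choice purely off caller-controlled `req.query.zipUrl?` / `req.query.project_name?`; that is acceptable for choosing between two public pages, and a one-line comment saying so would stop anyone later attaching privileged behaviour to that branch.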
@ -54,10 +54,7 @@ module.exports = SecurityManager =
|
||||||
res.redirect('/restricted')
|
res.redirect('/restricted')
|
||||||
else
|
else
|
||||||
logger.log "user not logged in and trying to access #{req.url}, being redirected to login"
|
logger.log "user not logged in and trying to access #{req.url}, being redirected to login"
|
||||||
req.query.redir = req._parsedUrl.pathname
|
AuthenticationController._redirectToLoginOrRegisterPage(req, res)
|
||||||
url = "/register?#{querystring.stringify(req.query)}"
|
|
||||||
res.redirect url
|
|
||||||
email = "not logged in user"
|
|
||||||
if arguments.length > 1
|
if arguments.length > 1
|
||||||
options =
|
options =
|
||||||
allow_auth_token: false
|
allow_auth_token: false
|
||||||
|
|
|
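Review bot: The call `AuthenticationController._redirectToLoginOrRegisterPage(req, res)` replaces an inline redirect that set `req.query.redir = req._parsedUrl.pathname`, whereas the helper uses `req.path`; in Express `req.path` is relative to any router mount point, so if `SecurityManager` runs under a mounted router the post-login `redir` target may now lose its prefix — worth confirming. The old code fell through past `res.redirect url` into `email = "not logged in user"`, and the new call has no `return` either; if the lines below the `else` run unconditionally, the function keeps executing after the response has been redirected, so `return AuthenticationController._redirectToLoginOrRegisterPage(req, res)` would make the intent explicit. Please also confirm nothing further down this function still reads the removed `email` variable; the rest of the function is outside the hunk. The `logger.log "user not logged in and trying to access ..."` line now duplicates the log the helper emits, so one of the two can go.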
@ -7,12 +7,13 @@ block content
|
||||||
.registration_message
|
.registration_message
|
||||||
if sharedProjectData.user_first_name !== undefined
|
if sharedProjectData.user_first_name !== undefined
|
||||||
h1 #{translate("user_wants_you_to_see_project", {username:sharedProjectData.user_first_name, projectname:sharedProjectData.project_name})}
|
h1 #{translate("user_wants_you_to_see_project", {username:sharedProjectData.user_first_name, projectname:sharedProjectData.project_name})}
|
||||||
div #{translate("join_sl_to_view_project")}
|
div #{translate("join_sl_to_view_project")}.
|
||||||
|
a(href="/login") #{translate("login_here")}
|
||||||
else if newTemplateData.templateName !== undefined
|
else if newTemplateData.templateName !== undefined
|
||||||
h1 #{translate("register_to_edit_template", {templateName:newTemplateData.templateName})}
|
h1 #{translate("register_to_edit_template", {templateName:newTemplateData.templateName})}
|
||||||
|
|
||||||
div #{translate("already_have_sl_account")}
|
div #{translate("already_have_sl_account")}
|
||||||
a(href="/login") #{translate("login_here")}
|
a(href="/login") #{translate("login_here")}
|
||||||
|
|
||||||
.row
|
.row
|
||||||
.col-md-6.col-md-offset-3.col-lg-4.col-lg-offset-4
|
.col-md-6.col-md-offset-3.col-lg-4.col-lg-offset-4
|
||||||
|
|
|
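Review bot: The full stop appended in `div #{translate("join_sl_to_view_project")}.` is punctuation hard-coded outside the translation call, so translations cannot control it; move it into the `join_sl_to_view_project` translation value instead. The shared-project branch gets only the `a(href="/login") #{translate("login_here")}` link while the template branch precedes its link with `div #{translate("already_have_sl_account")}`; using the same two-line pattern in both branches keeps the copy consistent.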
@ -214,9 +214,7 @@ describe "AuthenticationController", ->
|
||||||
@middleware(@req, @res, @next)
|
@middleware(@req, @res, @next)
|
||||||
|
|
||||||
it "should call getLoggedInUser with the passed options", ->
|
it "should call getLoggedInUser with the passed options", ->
|
||||||
@AuthenticationController.getLoggedInUser
|
@AuthenticationController.getLoggedInUser.calledWith(@req, { allow_auth_token: true }).should.equal true
|
||||||
.calledWith(@req, { allow_auth_token: true })
|
|
||||||
.should.equal true
|
|
||||||
|
|
||||||
it "should set the user property on the request", ->
|
it "should set the user property on the request", ->
|
||||||
@req.user.should.deep.equal @user
|
@req.user.should.deep.equal @user
|
||||||
|
@ -226,14 +224,12 @@ describe "AuthenticationController", ->
|
||||||
|
|
||||||
describe "when the user is not logged in", ->
|
describe "when the user is not logged in", ->
|
||||||
beforeEach ->
|
beforeEach ->
|
||||||
@AuthenticationController._redirectToRegisterPage = sinon.stub()
|
@AuthenticationController._redirectToLoginOrRegisterPage = sinon.stub()
|
||||||
@AuthenticationController.getLoggedInUser = sinon.stub().callsArgWith(2, null, null)
|
@AuthenticationController.getLoggedInUser = sinon.stub().callsArgWith(2, null, null)
|
||||||
@middleware(@req, @res, @next)
|
@middleware(@req, @res, @next)
|
||||||
|
|
||||||
it "should redirect to the register page", ->
|
it "should redirect to the register page", ->
|
||||||
@AuthenticationController._redirectToRegisterPage
|
@AuthenticationController._redirectToLoginOrRegisterPage.calledWith(@req, @res).should.equal true
|
||||||
.calledWith(@req, @res)
|
|
||||||
.should.equal true
|
|
||||||
|
|
||||||
describe "when not loading from the database", ->
|
describe "when not loading from the database", ->
|
||||||
beforeEach ->
|
beforeEach ->
|
||||||
|
@ -257,13 +253,12 @@ describe "AuthenticationController", ->
|
||||||
describe "when the user is not logged in", ->
|
describe "when the user is not logged in", ->
|
||||||
beforeEach ->
|
beforeEach ->
|
||||||
@req.session = {}
|
@req.session = {}
|
||||||
@AuthenticationController._redirectToRegisterPage = sinon.stub()
|
@AuthenticationController._redirectToLoginOrRegisterPage = sinon.stub()
|
||||||
|
@req.query = {}
|
||||||
@middleware(@req, @res, @next)
|
@middleware(@req, @res, @next)
|
||||||
|
|
||||||
it "should redirect to the register page", ->
|
it "should redirect to the register or login page", ->
|
||||||
@AuthenticationController._redirectToRegisterPage
|
@AuthenticationController._redirectToLoginOrRegisterPage.calledWith(@req, @res).should.equal true
|
||||||
.calledWith(@req, @res)
|
|
||||||
.should.equal true
|
|
||||||
|
|
||||||
describe "when not loading from the database but an auth_token is provided", ->
|
describe "when not loading from the database but an auth_token is provided", ->
|
||||||
beforeEach ->
|
beforeEach ->
|
||||||
|
@ -277,6 +272,49 @@ describe "AuthenticationController", ->
|
||||||
.calledWith(@req, {allow_auth_token: true})
|
.calledWith(@req, {allow_auth_token: true})
|
||||||
.should.equal true
|
.should.equal true
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
describe "_redirectToLoginOrRegisterPage", ->
|
||||||
|
|
||||||
|
beforeEach ->
|
||||||
|
@middleware = @AuthenticationController.requireLogin(@options = { load_from_db: false })
|
||||||
|
@req.session = {}
|
||||||
|
@AuthenticationController._redirectToRegisterPage = sinon.stub()
|
||||||
|
@AuthenticationController._redirectToLoginPage = sinon.stub()
|
||||||
|
@req.query = {}
|
||||||
|
|
||||||
|
describe "they have come directly to the url", ->
|
||||||
|
beforeEach ->
|
||||||
|
@req.query = {}
|
||||||
|
@middleware(@req, @res, @next)
|
||||||
|
|
||||||
|
it "should redirect to the login page", ->
|
||||||
|
@AuthenticationController._redirectToRegisterPage.calledWith(@req, @res).should.equal false
|
||||||
|
@AuthenticationController._redirectToLoginPage.calledWith(@req, @res).should.equal true
|
||||||
|
|
||||||
|
describe "they have come via a templates link", ->
|
||||||
|
|
||||||
|
beforeEach ->
|
||||||
|
@req.query.zipUrl = "something"
|
||||||
|
@middleware(@req, @res, @next)
|
||||||
|
|
||||||
|
it "should redirect to the register page", ->
|
||||||
|
@AuthenticationController._redirectToRegisterPage.calledWith(@req, @res).should.equal true
|
||||||
|
@AuthenticationController._redirectToLoginPage.calledWith(@req, @res).should.equal false
|
||||||
|
|
||||||
|
describe "they have been invited to a project", ->
|
||||||
|
|
||||||
|
beforeEach ->
|
||||||
|
@req.query.project_name = "something"
|
||||||
|
@middleware(@req, @res, @next)
|
||||||
|
|
||||||
|
it "should redirect to the register page", ->
|
||||||
|
@AuthenticationController._redirectToRegisterPage.calledWith(@req, @res).should.equal true
|
||||||
|
@AuthenticationController._redirectToLoginPage.calledWith(@req, @res).should.equal false
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
describe "_redirectToRegisterPage", ->
|
describe "_redirectToRegisterPage", ->
|
||||||
beforeEach ->
|
beforeEach ->
|
||||||
@req.path = "/target/url"
|
@req.path = "/target/url"
|
||||||
|
@ -293,9 +331,16 @@ describe "AuthenticationController", ->
|
||||||
.calledWith(url: @url, "user not logged in so redirecting to register page")
|
.calledWith(url: @url, "user not logged in so redirecting to register page")
|
||||||
.should.equal true
|
.should.equal true
|
||||||
|
|
||||||
it "should increase the security.login-redirect metric", ->
|
describe "_redirectToLoginPage", ->
|
||||||
@Metrics.inc.calledWith("security.login-redirect").should.equal true
|
beforeEach ->
|
||||||
|
@req.path = "/target/url"
|
||||||
|
@req.query =
|
||||||
|
extra_query: "foo"
|
||||||
|
@AuthenticationController._redirectToLoginPage(@req, @res)
|
||||||
|
|
||||||
|
it "should redirect to the register page with a query string attached", ->
|
||||||
|
@res.redirectedTo.should.equal "/login?extra_query=foo&redir=%2Ftarget%2Furl"
|
||||||
|
|
||||||
|
|
||||||
describe "_recordSuccessfulLogin", ->
|
describe "_recordSuccessfulLogin", ->
|
||||||
beforeEach ->
|
beforeEach ->
|
||||||
|
|
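Review bot: In the new `_redirectToLoginPage` describe, `it "should redirect to the register page with a query string attached"` asserts `@res.redirectedTo.should.equal "/login?extra_query=foo&redir=%2Ftarget%2Furl"`, so the title names the wrong page; rename it to `it "should redirect to the login page with a query string attached", ->`. The removed case `it "should increase the security.login-redirect metric"` is not re-added even though the new `_redirectToLoginPage` still calls `Metrics.inc "security.login-redirect"`, so that metric is now untested; re-add `@Metrics.inc.calledWith("security.login-redirect").should.equal true` in the new describe. The `_redirectToLoginOrRegisterPage` cases in the hunk at `@ -277,6 +272,49 @@` drive the function through `@middleware` built by `requireLogin` rather than calling it directly, so they also depend on `requireLogin`'s session handling; a direct call `@AuthenticationController._redirectToLoginOrRegisterPage(@req, @res)` in each `beforeEach` would isolate the unit under test.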