Merge pull request #2337 from overleaf/jel-saml-already-linked

Institution linking and unlinking GitOrigin-RevId: 1c3665fc66513c3e88a62ed477800c17759459ff
2025-03-15 04:24:52 +00:00 · 2019-11-12 08:59:04 -05:00 · 2019-11-12 08:59:04 -05:00 · b5d7887dfb
commit b5d7887dfb
parent 3bd15b1a47
5 changed files with 59 additions and 5 deletions
--- a/services/web/app/src/Features/Project/ProjectController.js
+++ b/services/web/app/src/Features/Project/ProjectController.js
@ -497,7 +497,7 @@ const ProjectController = {
            // Notification: After SSO Linked or Logging in
            // The requested email does not match primary email returned from
            // the institution
-            if (samlSession.emailNonCanonical) {
+            if (samlSession.emailNonCanonical && !samlSession.linkedToAnother) {
              notificationsInstitution.push({
                institutionEmail: samlSession.emailNonCanonical,
                requestedEmail: samlSession.requestedEmail,
@ -509,12 +509,23 @@ const ProjectController = {
            // registerIntercept is set before the institution callback.
            // institutionEmail is set after institution callback.
            // Check for both in case SSO flow was abandoned
-            if (samlSession.registerIntercept && samlSession.institutionEmail) {
+            if (
+              samlSession.registerIntercept &&
+              samlSession.institutionEmail &&
+              !samlSession.linkedToAnother
+            ) {
              notificationsInstitution.push({
                email: samlSession.institutionEmail,
                templateKey: 'notification_institution_sso_already_registered'
              })
            }
+
+            // Notification: Already linked to another account
+            if (samlSession.linkedToAnother) {
+              notificationsInstitution.push({
+                templateKey: 'notification_institution_sso_linked_by_another'
+              })
+            }
          }
          delete req.session.saml
        }
--- a/services/web/app/src/Features/User/UserPagesController.js
+++ b/services/web/app/src/Features/User/UserPagesController.js
@ -124,7 +124,10 @@ const UserPagesController = {
        institutionLinked
      )
    }
-    const institutionNotLinked = _.get(req.session, ['saml', 'notLinked'])
+    const institutionLinkedToAnother = _.get(req.session, [
+      'saml',
+      'linkedToAnother'
+    ])
    const institutionEmailNonCanonical = _.get(req.session, [
      'saml',
      'emailNonCanonical'
@ -157,7 +160,7 @@ const UserPagesController = {
        ),
        oauthUseV2: Settings.oauthUseV2 || false,
        institutionLinked,
-        institutionNotLinked,
+        institutionLinkedToAnother,
        institutionEmailNonCanonical,
        samlBeta: req.session.samlBeta,
        ssoError: ssoError,
--- a/services/web/app/views/project/list/notifications.pug
+++ b/services/web/app/views/project/list/notifications.pug
@ -170,6 +170,17 @@
 							span(aria-hidden="true") &times;
 							span.sr-only #{translate("close")}

+				.alert.alert-danger(
+					ng-switch-when="notification_institution_sso_linked_by_another"
+				)
+					.notification-body
+						div 
+							i.fa.fa-fw.fa-exclamation-triangle(aria-hidden="true")
+							| !{translate("institution_account_tried_to_add_already_registered")}
+					.notification-close
+						button(ng-click="dismiss(notification)").close.pull-right
+							span(aria-hidden="true") &times;
+							span.sr-only #{translate("close")}

 	ul.list-unstyled(
 		ng-controller="EmailNotificationController",
--- a/services/web/app/views/user/settings/user-affiliations.pug
+++ b/services/web/app/views/user/settings/user-affiliations.pug
@ -255,7 +255,7 @@ form.row(
 									i.fa.fa-exclamation-triangle(aria-hidden="true")
 									| &nbsp;
 									| !{translate("in_order_to_match_institutional_metadata", {email: institutionEmailNonCanonical})}
-				if institutionNotLinked
+				if institutionLinkedToAnother
 					tr.affiliations-table-error-row(ng-if="!hideInstitutionNotifications.error")
 						td.text-center(aria-live="assertive" colspan="3")
 							button.close(
--- a/services/web/test/unit/src/Project/ProjectControllerTests.js
+++ b/services/web/test/unit/src/Project/ProjectControllerTests.js
@ -771,6 +771,35 @@ describe('ProjectController', function() {
        }
        this.ProjectController.projectListPage(this.req, this.res)
      })
+      it('should show institution account linked to another account', function() {
+        this.res.render = (pageName, opts) => {
+          expect(opts.notificationsInstitution).to.deep.include({
+            templateKey: 'notification_institution_sso_linked_by_another'
+          })
+          // Also check other notifications are not shown
+          expect(opts.notificationsInstitution).to.not.deep.include({
+            email: this.institutionEmail,
+            templateKey: 'notification_institution_sso_already_registered'
+          })
+          expect(opts.notificationsInstitution).to.not.deep.include({
+            institutionEmail: this.institutionEmail,
+            requestedEmail: 'requested@overleaf.com',
+            templateKey: 'notification_institution_sso_non_canonical'
+          })
+          expect(opts.notificationsInstitution).to.not.deep.include({
+            email: this.institutionEmail,
+            institutionName: this.institutionName,
+            templateKey: 'notification_institution_sso_linked'
+          })
+        }
+        this.req.session.saml = {
+          emailNonCanonical: this.institutionEmail,
+          institutionEmail: this.institutionEmail,
+          requestedEmail: 'requested@overleaf.com',
+          linkedToAnother: true
+        }
+        this.ProjectController.projectListPage(this.req, this.res)
+      })
    })

    describe('When Institution SSO is not released', function() {