Hotfix 2.4.2 - fix anon read/write sharing

2024-10-17 21:05:04 -04:00 · 2020-09-29 10:30:20 +02:00 · 2020-09-29 10:30:20 +02:00 · cfbd5c3bd4
commit cfbd5c3bd4
parent 28f326fd98
3 changed files with 53 additions and 0 deletions
--- a/hotfix/2.4.2/Dockerfile
+++ b/hotfix/2.4.2/Dockerfile
@ -0,0 +1,10 @@
+FROM sharelatex/sharelatex:2.4.1
+
+
+# Patch: Fixes anonymous read/write sharing
+ADD anonymous-metadata-router.patch /var/www/sharelatex/web/app/src/anonymous-metadata-router.patch
+RUN cd /var/www/sharelatex/web/app/src && \
+    patch < anonymous-metadata-router.patch
+ADD anonymous-metadata-contacts.patch /var/www/sharelatex/web/app/src/Features/Contacts/anonymous-metadata-contacts.patch
+RUN cd /var/www/sharelatex/web/app/src/Features/Contacts && \
+    patch < anonymous-metadata-contacts.patch
--- a/hotfix/2.4.2/anonymous-metadata-contacts.patch
+++ b/hotfix/2.4.2/anonymous-metadata-contacts.patch
@ -0,0 +1,20 @@
+--- a/ContactRouter.js
+++ b/ContactRouter.js
+@@ -5,6 +5,8 @@
+  * DS102: Remove unnecessary code created because of implicit returns
+  * Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
+  */
+const Settings = require('settings-sharelatex')
+
+ const AuthenticationController = require('../Authentication/AuthenticationController')
+ const ContactController = require('./ContactController')
+ 
+@@ -12,7 +14,7 @@
+   apply(webRouter, apiRouter) {
+     return webRouter.get(
+       '/user/contacts',
+-      AuthenticationController.requireLogin(),
+      Settings.allowAnonymousReadAndWriteSharing ? (req, res, next) => { next() } : AuthenticationController.requireLogin(),
+       ContactController.getContacts
+     )
+   }
--- a/hotfix/2.4.2/anonymous-metadata-router.patch
+++ b/hotfix/2.4.2/anonymous-metadata-router.patch
@ -0,0 +1,23 @@
+--- a/router.js
+++ b/router.js
+@@ -607,16 +607,17 @@
+     ProjectDownloadsController.downloadMultipleProjects
+   )
+ 
+  console.log(`allowAnonymousReadAndWriteSharing: ${Settings.allowAnonymousReadAndWriteSharing}`)
+   webRouter.get(
+     '/project/:project_id/metadata',
+     AuthorizationMiddleware.ensureUserCanReadProject,
+-    AuthenticationController.requireLogin(),
+    Settings.allowAnonymousReadAndWriteSharing ? (req, res, next) => { next() } : AuthenticationController.requireLogin(),
+     MetaController.getMetadata
+-  )
+  ) 
+   webRouter.post(
+     '/project/:project_id/doc/:doc_id/metadata',
+     AuthorizationMiddleware.ensureUserCanReadProject,
+-    AuthenticationController.requireLogin(),
+    Settings.allowAnonymousReadAndWriteSharing ? (req, res, next) => { next() } : AuthenticationController.requireLogin(),
+     MetaController.broadcastMetadataForDoc
+   )
+   privateApiRouter.post(