Hotfix 2.4.2 - fix anon read/write sharing

This commit is contained in:
Miguel Serrano 2020-09-29 10:30:20 +02:00
parent 28f326fd98
commit cfbd5c3bd4
3 changed files with 53 additions and 0 deletions

10
hotfix/2.4.2/Dockerfile Normal file
View file

@ -0,0 +1,10 @@
FROM sharelatex/sharelatex:2.4.1
# Patch: Fixes anonymous read/write sharing
ADD anonymous-metadata-router.patch /var/www/sharelatex/web/app/src/anonymous-metadata-router.patch
RUN cd /var/www/sharelatex/web/app/src && \
patch < anonymous-metadata-router.patch
ADD anonymous-metadata-contacts.patch /var/www/sharelatex/web/app/src/Features/Contacts/anonymous-metadata-contacts.patch
RUN cd /var/www/sharelatex/web/app/src/Features/Contacts && \
patch < anonymous-metadata-contacts.patch

View file

@ -0,0 +1,20 @@
--- a/ContactRouter.js
+++ b/ContactRouter.js
@@ -5,6 +5,8 @@
* DS102: Remove unnecessary code created because of implicit returns
* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
*/
+const Settings = require('settings-sharelatex')
+
const AuthenticationController = require('../Authentication/AuthenticationController')
const ContactController = require('./ContactController')
@@ -12,7 +14,7 @@
apply(webRouter, apiRouter) {
return webRouter.get(
'/user/contacts',
- AuthenticationController.requireLogin(),
+ Settings.allowAnonymousReadAndWriteSharing ? (req, res, next) => { next() } : AuthenticationController.requireLogin(),
ContactController.getContacts
)
}

View file

@ -0,0 +1,23 @@
--- a/router.js
+++ b/router.js
@@ -607,16 +607,17 @@
ProjectDownloadsController.downloadMultipleProjects
)
+ console.log(`allowAnonymousReadAndWriteSharing: ${Settings.allowAnonymousReadAndWriteSharing}`)
webRouter.get(
'/project/:project_id/metadata',
AuthorizationMiddleware.ensureUserCanReadProject,
- AuthenticationController.requireLogin(),
+ Settings.allowAnonymousReadAndWriteSharing ? (req, res, next) => { next() } : AuthenticationController.requireLogin(),
MetaController.getMetadata
- )
+ )
webRouter.post(
'/project/:project_id/doc/:doc_id/metadata',
AuthorizationMiddleware.ensureUserCanReadProject,
- AuthenticationController.requireLogin(),
+ Settings.allowAnonymousReadAndWriteSharing ? (req, res, next) => { next() } : AuthenticationController.requireLogin(),
MetaController.broadcastMetadataForDoc
)
privateApiRouter.post(