Merge pull request #3858 from overleaf/ab-ae-remove-token-project-invite

Remove token from project invites object returned to frontend

GitOrigin-RevId: 439fdb6fb44af1f46a9f16c4be8cc1d4fce8b562
Simon Detheridge 2021-03-30 17:39:00 +01:00 committed by Copybot
parent 036018d65c
commit f02d4feea2
2 changed files with 13 additions and 4 deletions


@ -49,7 +49,9 @@ module.exports = ProjectEditorHandler = {
if (result.invites == null) { if (result.invites == null) {
result.invites = [] result.invites = []
} }
result.invites.forEach(invite => {
delete invite.token
})
;({ owner, ownerFeatures, members } = this.buildOwnerAndMembersViews( ;({ owner, ownerFeatures, members } = this.buildOwnerAndMembersViews(
members members
)) ))
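Review bot: `delete invite.token` in the added `forEach` is a denylist applied in place: it mutates the invite objects that were passed in, and any other sensitive field later added to an invite would still be returned to the frontend. Building the view from an explicit field list is the safer shape, e.g. `result.invites = result.invites.map(({ _id, email, privileges, projectId }) => ({ _id, email, privileges, projectId }))`; the field list here is taken from the test fixture and needs checking against what the frontend actually reads. If these objects can be Mongoose documents rather than plain objects (not visible in this hunk), `delete` may not remove the property at all, so that is worth confirming. The enclosing function starts and ends outside the hunk.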


@ -97,20 +97,22 @@ describe('ProjectEditorHandler', function() {
_id: 'invite_one', _id: 'invite_one',
email: 'user-one@example.com', email: 'user-one@example.com',
privileges: 'readOnly', privileges: 'readOnly',
projectId: this.project._id projectId: this.project._id,
token: 'my-secret-token1'
}, },
{ {
_id: 'invite_two', _id: 'invite_two',
email: 'user-two@example.com', email: 'user-two@example.com',
privileges: 'readOnly', privileges: 'readOnly',
projectId: this.project._id projectId: this.project._id,
token: 'my-secret-token2'
} }
] ]
return (this.handler = SandboxedModule.require(modulePath)) return (this.handler = SandboxedModule.require(modulePath))
}) })
describe('buildProjectModelView', function() { describe('buildProjectModelView', function() {
describe('with owner and members included', function() { describe('with owner, members and invites included', function() {
beforeEach(function() { beforeEach(function() {
return (this.result = this.handler.buildProjectModelView( return (this.result = this.handler.buildProjectModelView(
this.project, this.project,
@ -159,6 +161,11 @@ describe('ProjectEditorHandler', function() {
]) ])
}) })
it('invites should not include the token', function() {
should.not.exist(this.result.invites[0].token)
should.not.exist(this.result.invites[1].token)
})
it('should gather readOnly_refs and collaberators_refs into a list of members', function() { it('should gather readOnly_refs and collaberators_refs into a list of members', function() {
const findMember = id => { const findMember = id => {
for (let member of Array.from(this.result.members)) { for (let member of Array.from(this.result.members)) {
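Review bot: The added test `invites should not include the token` pins only the absence of `token`, so it would keep passing if another secret field were added to invites and leaked to the frontend. Asserting the full shape of each returned invite closes that gap, e.g. `this.result.invites[0].should.deep.equal({ _id: 'invite_one', email: 'user-one@example.com', privileges: 'readOnly', projectId: this.project._id })`, assuming chai's `should` style is enabled as the existing `should.not.exist` calls suggest. A second assertion on whether the input invite objects are still intact after the call would document whether in-place mutation is intended.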