From f0b227eee860a4f6ba5b640537a4aceb692632c6 Mon Sep 17 00:00:00 2001
From: Christopher Hoskin <mans0954@users.noreply.github.com>
Date: Mon, 20 Nov 2023 10:53:06 +0000
Subject: [PATCH] Merge pull request #15778 from
 overleaf/csh-refactor-ce-sp-settings

Refactor CE/SP settings

GitOrigin-RevId: fabcd14dd73fec810e1a357a743827dbc0702c57
---
 server-ce/config/settings.js | 240 -----------------------------------
 1 file changed, 240 deletions(-)

diff --git a/server-ce/config/settings.js b/server-ce/config/settings.js
index a4bea36ced..3d4aea512a 100644
--- a/server-ce/config/settings.js
+++ b/server-ce/config/settings.js
@@ -421,246 +421,6 @@ if (parse(process.env.SHARELATEX_IS_SERVER_PRO) === true) {
   settings.apis.references = { url: 'http://localhost:3040' }
 }
 
-// LDAP - SERVER PRO ONLY
-// ----------
-
-if (process.env.SHARELATEX_LDAP_HOST) {
-  console.error(`\
-# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
-#
-#  WARNING: The LDAP configuration format has changed in version 0.5.1
-#  See https://github.com/sharelatex/sharelatex/wiki/Server-Pro:-LDAP-Config
-#
-# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #\
-`)
-}
-
-if (process.env.SHARELATEX_LDAP_URL) {
-  let _ldap_connect_timeout,
-    _ldap_group_search_attribs,
-    _ldap_search_attribs,
-    _ldap_timeout
-  settings.externalAuth = true
-  settings.ldap = {
-    emailAtt: process.env.SHARELATEX_LDAP_EMAIL_ATT,
-    nameAtt: process.env.SHARELATEX_LDAP_NAME_ATT,
-    lastNameAtt: process.env.SHARELATEX_LDAP_LAST_NAME_ATT,
-    updateUserDetailsOnLogin:
-      process.env.SHARELATEX_LDAP_UPDATE_USER_DETAILS_ON_LOGIN === 'true',
-    placeholder: process.env.SHARELATEX_LDAP_PLACEHOLDER,
-    server: {
-      url: process.env.SHARELATEX_LDAP_URL,
-      bindDn: process.env.SHARELATEX_LDAP_BIND_DN,
-      bindCredentials: process.env.SHARELATEX_LDAP_BIND_CREDENTIALS,
-      bindProperty: process.env.SHARELATEX_LDAP_BIND_PROPERTY,
-      searchBase: process.env.SHARELATEX_LDAP_SEARCH_BASE,
-      searchScope: process.env.SHARELATEX_LDAP_SEARCH_SCOPE,
-      searchFilter: process.env.SHARELATEX_LDAP_SEARCH_FILTER,
-      searchAttributes: (_ldap_search_attribs =
-        process.env.SHARELATEX_LDAP_SEARCH_ATTRIBUTES)
-        ? (() => {
-            try {
-              return JSON.parse(_ldap_search_attribs)
-            } catch (error3) {
-              e = error3
-              return console.error(
-                'could not parse SHARELATEX_LDAP_SEARCH_ATTRIBUTES'
-              )
-            }
-          })()
-        : undefined,
-      groupDnProperty: process.env.SHARELATEX_LDAP_GROUP_DN_PROPERTY,
-      groupSearchBase: process.env.SHARELATEX_LDAP_GROUP_SEARCH_BASE,
-      groupSearchScope: process.env.SHARELATEX_LDAP_GROUP_SEARCH_SCOPE,
-      groupSearchFilter: process.env.SHARELATEX_LDAP_GROUP_SEARCH_FILTER,
-      groupSearchAttributes: (_ldap_group_search_attribs =
-        process.env.SHARELATEX_LDAP_GROUP_SEARCH_ATTRIBUTES)
-        ? (() => {
-            try {
-              return JSON.parse(_ldap_group_search_attribs)
-            } catch (error4) {
-              e = error4
-              return console.error(
-                'could not parse SHARELATEX_LDAP_GROUP_SEARCH_ATTRIBUTES'
-              )
-            }
-          })()
-        : undefined,
-      cache: process.env.SHARELATEX_LDAP_CACHE === 'true',
-      timeout: (_ldap_timeout = process.env.SHARELATEX_LDAP_TIMEOUT)
-        ? (() => {
-            try {
-              return parseIntOrFail(_ldap_timeout)
-            } catch (error5) {
-              e = error5
-              return console.error('Cannot parse SHARELATEX_LDAP_TIMEOUT')
-            }
-          })()
-        : undefined,
-      connectTimeout: (_ldap_connect_timeout =
-        process.env.SHARELATEX_LDAP_CONNECT_TIMEOUT)
-        ? (() => {
-            try {
-              return parseIntOrFail(_ldap_connect_timeout)
-            } catch (error6) {
-              e = error6
-              return console.error(
-                'Cannot parse SHARELATEX_LDAP_CONNECT_TIMEOUT'
-              )
-            }
-          })()
-        : undefined,
-    },
-  }
-
-  if (process.env.SHARELATEX_LDAP_TLS_OPTS_CA_PATH) {
-    let ca, ca_paths
-    try {
-      ca = JSON.parse(process.env.SHARELATEX_LDAP_TLS_OPTS_CA_PATH)
-    } catch (error7) {
-      e = error7
-      console.error(
-        'could not parse SHARELATEX_LDAP_TLS_OPTS_CA_PATH, invalid JSON'
-      )
-    }
-
-    if (typeof ca === 'string') {
-      ca_paths = [ca]
-    } else if (
-      typeof ca === 'object' &&
-      (ca != null ? ca.length : undefined) != null
-    ) {
-      ca_paths = ca
-    } else {
-      console.error('problem parsing SHARELATEX_LDAP_TLS_OPTS_CA_PATH')
-    }
-
-    settings.ldap.server.tlsOptions = {
-      rejectUnauthorized:
-        process.env.SHARELATEX_LDAP_TLS_OPTS_REJECT_UNAUTH === 'true',
-      ca: ca_paths, // e.g.'/etc/ldap/ca_certs.pem'
-    }
-  }
-}
-
-if (process.env.SHARELATEX_SAML_ENTRYPOINT) {
-  // NOTE: see https://github.com/node-saml/passport-saml/blob/master/README.md for docs of `server` options
-  let _saml_additionalAuthorizeParams,
-    _saml_additionalLogoutParams,
-    _saml_additionalParams,
-    _saml_expiration,
-    _saml_skew
-  settings.externalAuth = true
-  settings.saml = {
-    updateUserDetailsOnLogin:
-      process.env.SHARELATEX_SAML_UPDATE_USER_DETAILS_ON_LOGIN === 'true',
-    identityServiceName: process.env.SHARELATEX_SAML_IDENTITY_SERVICE_NAME,
-    emailField:
-      process.env.SHARELATEX_SAML_EMAIL_FIELD ||
-      process.env.SHARELATEX_SAML_EMAIL_FIELD_NAME,
-    firstNameField: process.env.SHARELATEX_SAML_FIRST_NAME_FIELD,
-    lastNameField: process.env.SHARELATEX_SAML_LAST_NAME_FIELD,
-    server: {
-      // strings
-      entryPoint: process.env.SHARELATEX_SAML_ENTRYPOINT,
-      callbackUrl: process.env.SHARELATEX_SAML_CALLBACK_URL,
-      issuer: process.env.SHARELATEX_SAML_ISSUER,
-      decryptionPvk: process.env.SHARELATEX_SAML_DECRYPTION_PVK,
-      decryptionCert: process.env.SHARELATEX_SAML_DECRYPTION_CERT,
-      signingCert: process.env.SHARELATEX_SAML_SIGNING_CERT,
-      signatureAlgorithm: process.env.SHARELATEX_SAML_SIGNATURE_ALGORITHM,
-      identifierFormat: process.env.SHARELATEX_SAML_IDENTIFIER_FORMAT,
-      attributeConsumingServiceIndex:
-        process.env.SHARELATEX_SAML_ATTRIBUTE_CONSUMING_SERVICE_INDEX,
-      authnContext:
-        process.env.SHARELATEX_SAML_AUTHN_CONTEXT &&
-        process.env.SHARELATEX_SAML_AUTHN_CONTEXT.split(','),
-      authnRequestBinding: process.env.SHARELATEX_SAML_AUTHN_REQUEST_BINDING,
-      validateInResponseTo: process.env.SHARELATEX_SAML_VALIDATE_IN_RESPONSE_TO,
-      cacheProvider: process.env.SHARELATEX_SAML_CACHE_PROVIDER,
-      logoutUrl: process.env.SHARELATEX_SAML_LOGOUT_URL,
-      logoutCallbackUrl: process.env.SHARELATEX_SAML_LOGOUT_CALLBACK_URL,
-      disableRequestedAuthnContext:
-        process.env.SHARELATEX_SAML_DISABLE_REQUESTED_AUTHN_CONTEXT === 'true',
-      forceAuthn: process.env.SHARELATEX_SAML_FORCE_AUTHN === 'true',
-      skipRequestCompression:
-        process.env.SHARELATEX_SAML_SKIP_REQUEST_COMPRESSION === 'true',
-      acceptedClockSkewMs: (_saml_skew =
-        process.env.SHARELATEX_SAML_ACCEPTED_CLOCK_SKEW_MS)
-        ? (() => {
-            try {
-              return parseIntOrFail(_saml_skew)
-            } catch (error8) {
-              e = error8
-              return console.error(
-                'Cannot parse SHARELATEX_SAML_ACCEPTED_CLOCK_SKEW_MS'
-              )
-            }
-          })()
-        : undefined,
-      requestIdExpirationPeriodMs: (_saml_expiration =
-        process.env.SHARELATEX_SAML_REQUEST_ID_EXPIRATION_PERIOD_MS)
-        ? (() => {
-            try {
-              return parseIntOrFail(_saml_expiration)
-            } catch (error9) {
-              e = error9
-              return console.error(
-                'Cannot parse SHARELATEX_SAML_REQUEST_ID_EXPIRATION_PERIOD_MS'
-              )
-            }
-          })()
-        : undefined,
-      additionalParams: (_saml_additionalParams =
-        process.env.SHARELATEX_SAML_ADDITIONAL_PARAMS)
-        ? (() => {
-            try {
-              return JSON.parse(_saml_additionalParams)
-            } catch (error10) {
-              e = error10
-              return console.error(
-                'Cannot parse SHARELATEX_SAML_ADDITIONAL_PARAMS'
-              )
-            }
-          })()
-        : undefined,
-      additionalAuthorizeParams: (_saml_additionalAuthorizeParams =
-        process.env.SHARELATEX_SAML_ADDITIONAL_AUTHORIZE_PARAMS)
-        ? (() => {
-            try {
-              return JSON.parse(_saml_additionalAuthorizeParams)
-            } catch (error11) {
-              e = error11
-              return console.error(
-                'Cannot parse SHARELATEX_SAML_ADDITIONAL_AUTHORIZE_PARAMS'
-              )
-            }
-          })()
-        : undefined,
-      additionalLogoutParams: (_saml_additionalLogoutParams =
-        process.env.SHARELATEX_SAML_ADDITIONAL_LOGOUT_PARAMS)
-        ? (() => {
-            try {
-              return JSON.parse(_saml_additionalLogoutParams)
-            } catch (error12) {
-              e = error12
-              return console.error(
-                'Cannot parse SHARELATEX_SAML_ADDITIONAL_LOGOUT_PARAMS'
-              )
-            }
-          })()
-        : undefined,
-    },
-  }
-
-  // SHARELATEX_SAML_CERT cannot be empty
-  // https://github.com/node-saml/passport-saml/commit/f6b1c885c0717f1083c664345556b535f217c102
-  if (process.env.SHARELATEX_SAML_CERT) {
-    settings.saml.server.cert = process.env.SHARELATEX_SAML_CERT
-    settings.saml.server.privateKey = process.env.SHARELATEX_SAML_PRIVATE_CERT
-  }
-}
-
 // Compiler
 // --------
 if (process.env.SANDBOXED_COMPILES === 'true') {