diff --git a/services/web/app/src/Features/Subscription/SubscriptionController.js b/services/web/app/src/Features/Subscription/SubscriptionController.js
index aa015eadbf..6541b300dd 100644
--- a/services/web/app/src/Features/Subscription/SubscriptionController.js
+++ b/services/web/app/src/Features/Subscription/SubscriptionController.js
@@ -25,6 +25,7 @@ const SubscriptionHelper = require('./SubscriptionHelper')
 const Features = require('../../infrastructure/Features')
 const UserGetter = require('../User/UserGetter')
 const Modules = require('../../infrastructure/Modules')
+const AuthorizationManager = require('../Authorization/AuthorizationManager')
 const groupPlanModalOptions = Settings.groupPlanModalOptions
 const validGroupPlanModalOptions = {
@@ -814,9 +815,15 @@ async function redirectToHostedPage(req, res) {
 }
 async function _getRecommendedCurrency(req, res) {
- const currencyLookup = await GeoIpLookup.promises.getCurrencyCode(
- req.query?.ip || req.ip
- )
+ const userId = SessionManager.getLoggedInUserId(req.session)
+ let ip = req.ip
+ if (
+ req.query?.ip &&
+ (await AuthorizationManager.promises.isUserSiteAdmin(userId))
+ ) {
+ ip = req.query.ip
+ }
+ const currencyLookup = await GeoIpLookup.promises.getCurrencyCode(ip)
 const countryCode = currencyLookup.countryCode
 let assignmentINR, assignmentLATAM
 let recommendedCurrency = currencyLookup.currencyCode
diff --git a/services/web/test/unit/src/Subscription/SubscriptionControllerTests.js b/services/web/test/unit/src/Subscription/SubscriptionControllerTests.js
index fd96bf6f3c..a89bc5616b 100644
--- a/services/web/test/unit/src/Subscription/SubscriptionControllerTests.js
+++ b/services/web/test/unit/src/Subscription/SubscriptionControllerTests.js
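Review bot: In `_getRecommendedCurrency` (SubscriptionController.js), `isUserSiteAdmin(userId)` is awaited on every request that carries `?ip=`, including ones with no logged-in user, and nothing in the hunk shows how it treats a missing id. The override value is also passed to `getCurrencyCode` without a type check, although a query parser can yield an array or object rather than a string. Making both conditions explicit keeps the gate self-contained: `if (userId && typeof req.query?.ip === 'string' && (await AuthorizationManager.promises.isUserSiteAdmin(userId))) {`. A short comment above it, such as `// ?ip= override is honoured for site admins only; all other requests are geolocated from req.ip`, would record why the parameter is gated. The function body continues past the end of the hunk.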
@@ -109,6 +109,11 @@ describe('SubscriptionController', function () {
 },
 siteUrl: 'http://de.sharelatex.dev:3000',
 }
+ this.AuthorizationManager = {
+ promises: {
+ isUserSiteAdmin: sinon.stub().resolves(false),
+ },
+ }
 this.GeoIpLookup = {
 isValidCurrencyParam: sinon.stub().returns(true),
 getCurrencyCode: sinon.stub(),
@@ -135,6 +140,7 @@ describe('SubscriptionController', function () {
 }
 this.SubscriptionController = SandboxedModule.require(modulePath, {
 requires: {
+ '../Authorization/AuthorizationManager': this.AuthorizationManager,
 '../SplitTests/SplitTestHandler': this.SplitTestV2Hander,
 '../Authentication/SessionManager': this.SessionManager,
 './SubscriptionHandler': this.SubscriptionHandler,
@@ -183,6 +189,36 @@ describe('SubscriptionController', function () {
 })
 })
+ describe('ip override', function () {
+ beforeEach(function () {
+ this.req.ip = '1.2.3.4'
+ this.req.query = { ip: '5.6.7.8' }
+ this.GeoIpLookup.promises.getCurrencyCode.withArgs('1.2.3.4').resolves({
+ currencyCode: 'GBP',
+ })
+ this.GeoIpLookup.promises.getCurrencyCode.withArgs('5.6.7.8').resolves({
+ currencyCode: 'USD',
+ })
+ })
+ it('should ignore override for non admin', function (done) {
+ this.res.render = (page, opts) => {
+ opts.recommendedCurrency.should.equal('GBP')
+ done()
+ }
+ this.AuthorizationManager.promises.isUserSiteAdmin.resolves(false)
+ this.SubscriptionController.plansPage(this.req, this.res)
+ })
+
+ it('should accept override for admin', function (done) {
+ this.res.render = (page, opts) => {
+ opts.recommendedCurrency.should.equal('USD')
+ done()
+ }
+ this.AuthorizationManager.promises.isUserSiteAdmin.resolves(true)
+ this.SubscriptionController.plansPage(this.req, this.res)
+ })
+ })
+
+ describe('groupPlanModal data', function () {
 it('should pass local currency if valid', function (done) {
 this.res.render = (page, opts) => {
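Review bot: The two `ip override` cases assert only the rendered currency, so they would still pass if the controller checked admin status for the wrong user. They would also pass if it consulted `isUserSiteAdmin` on requests that carry no `?ip=` at all. Inside the `res.render` callback of the admin case, add `sinon.assert.calledWith(this.AuthorizationManager.promises.isUserSiteAdmin, EXPECTED_USER_ID)`, where `EXPECTED_USER_ID` is a placeholder for whatever the `SessionManager` stub returns (its setup is outside this hunk). A third case that deletes `this.req.query.ip` and uses `sinon.assert.notCalled(this.AuthorizationManager.promises.isUserSiteAdmin)` would pin the short-circuit. A case for a visitor with no session user would cover the anonymous path through the gate.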