Commit graph

39 commits

Author SHA1 Message Date
Alasdair Smith
1330c8da73 Also check if v1 project exported if not found for read-only tokens 2018-09-28 11:47:14 +01:00
Alasdair Smith
435fe11115 Check if v1 project was exported if not found
This prevents a redirect loop for projects which were exported but then
deleted on v2. v2 would not find the project, redirect to v1, which
would find that it was exported and redirect back to v2.
2018-09-28 11:47:14 +01:00
Ersun Warncke
7b90fcb186 Merge pull request #969 from sharelatex/ew-check-doc-token-access
check access for doc on read only token
2018-09-25 08:35:56 -04:00
Ersun Warncke
eeed857dd9 change api path 2018-09-25 06:45:27 -04:00
Ersun Warncke
f0c0834b0f only do v1 access check when api config present 2018-09-25 05:42:04 -04:00
Alasdair Smith
298ee2dbb4 Fix v1 return to path 2018-09-25 10:06:24 +01:00
Alasdair Smith
ca895ae1b1 Redirect to v1 via sign in link 2018-09-25 09:37:22 +01:00
Ersun Warncke
f89e85231a check access for doc on read only token 2018-09-24 18:03:28 -04:00
Alasdair Smith
d6350c963e Remove projectExists flag from higher access check
Now that find project by read and read/write token methods check whether
the project exists, it is not neccessary to check whether the project
exists in the higher access check. Therefore it has been removed
2018-09-24 19:00:10 +01:00
Alasdair Smith
99dec02266 If no project found for read/write token, redirect to v1 2018-09-24 19:00:10 +01:00
Alasdair Smith
237810509a If no project found for read token, redirect to v1 2018-09-24 19:00:10 +01:00
Alasdair Smith
f37040e4a4 Only redirect if has overleaf setting 2018-09-13 12:09:19 +01:00
Alasdair Smith
8a969d1c25 Redirect directly from controller instead of via handler 2018-09-13 12:09:19 +01:00
Alasdair Smith
9d600afdf8 Fix failing tests for token access
If project was changed from token access to private, then we want to
404 on v2 (not redirect to v1). So the logic was changed to check if the
project exists and if it does then a 404 is returned. If it does not
then it redirects to v1.
2018-09-13 12:09:19 +01:00
Alasdair Smith
e0ce988d32 Intelligently redirect to v1 if no v2 project found for token 2018-09-13 12:09:19 +01:00
Shane Kilkelly
5df4556e9c Set redirect when bouncing away from token route
This ensures that when the user logs in they will be redirected back
to this token, the page they wanted to access in the first place.
2017-11-15 13:30:40 +00:00
Shane Kilkelly
2b4d516353 When anon is denied access to read-write token, redirect to restricted 2017-11-06 16:46:42 +00:00
Shane Kilkelly
caf6315d4d Remove old module import 2017-11-03 15:26:38 +00:00
Shane Kilkelly
fcb04472a1 De-duplicate logic in TokenAccessController 2017-11-01 14:05:29 +00:00
Shane Kilkelly
d8486afe5d Account for higher-access in the token read-only path too 2017-11-01 14:01:00 +00:00
Shane Kilkelly
9984ab081e Generalise the higher-access logic for read-write token path 2017-11-01 11:50:04 +00:00
Shane Kilkelly
b36849d262 Remove a dead event 2017-11-01 11:03:07 +00:00
Shane Kilkelly
a212fb1a05 Add "[TokenAccess]" context to log lines 2017-10-31 14:27:43 +00:00
Shane Kilkelly
8561b69ee9 Remove tokenMembers sync to clients 2017-10-25 11:29:05 +01:00
Shane Kilkelly
74c231826d WIP: track changes with token-access 2017-10-25 10:34:18 +01:00
Shane Kilkelly
0e44b319db Change anonToken and such to anonymousAccessToken 2017-10-20 10:10:21 +01:00
Shane Kilkelly
eab77aba91 Abstract away the token-protection logic 2017-10-19 16:26:01 +01:00
Shane Kilkelly
7d2bde85ff Add a setting to enable anonymous read-and-write link sharing 2017-10-18 13:04:37 +01:00
Shane Kilkelly
855fe2e143 If user is project owner, don't add them as a token user 2017-10-16 16:44:20 +01:00
Shane Kilkelly
ad999a72b6 If a token-based project not found, check private overleaf project 2017-10-16 13:20:15 +01:00
Shane Kilkelly
ac513a1355 Refactor to not pass req down into Auth modules 2017-10-13 11:20:57 +01:00
Shane Kilkelly
b6c2a8f7f7 Tidy up callbacks 2017-10-03 14:14:22 +01:00
Shane Kilkelly
7b33f8b4c2 Unit test TokenAccessController 2017-10-03 14:04:59 +01:00
Shane Kilkelly
ede497f4b3 Unit test TokenAccessHandler 2017-10-03 10:02:26 +01:00
Shane Kilkelly
9f24f696a5 Use custom header, send anonToken in payload to joinProject 2017-09-29 16:32:07 +01:00
Shane Kilkelly
34d4d1360f Anon read-token: add an Authorization header to $http 2017-09-29 15:54:55 +01:00
Shane Kilkelly
9810f63245 Render editor for token access, stub out ui changes 2017-09-28 16:06:08 +01:00
Shane Kilkelly
574b115022 Working token-based access 2017-09-27 14:01:52 +01:00
Shane Kilkelly
81170d472d Add token-access routes 2017-09-22 14:54:35 +01:00