Alasdair Smith
1330c8da73
Also check if v1 project exported if not found for read-only tokens
2018-09-28 11:47:14 +01:00
Alasdair Smith
435fe11115
Check if v1 project was exported if not found
...
This prevents a redirect loop for projects which were exported but then
deleted on v2. v2 would not find the project, redirect to v1, which
would find that it was exported and redirect back to v2.
2018-09-28 11:47:14 +01:00
Ersun Warncke
7b90fcb186
Merge pull request #969 from sharelatex/ew-check-doc-token-access
...
check access for doc on read only token
2018-09-25 08:35:56 -04:00
Ersun Warncke
eeed857dd9
change api path
2018-09-25 06:45:27 -04:00
Ersun Warncke
f0c0834b0f
only do v1 access check when api config present
2018-09-25 05:42:04 -04:00
Alasdair Smith
298ee2dbb4
Fix v1 return to path
2018-09-25 10:06:24 +01:00
Alasdair Smith
ca895ae1b1
Redirect to v1 via sign in link
2018-09-25 09:37:22 +01:00
Ersun Warncke
f89e85231a
check access for doc on read only token
2018-09-24 18:03:28 -04:00
Alasdair Smith
d6350c963e
Remove projectExists flag from higher access check
...
Now that find project by read and read/write token methods check whether
the project exists, it is not neccessary to check whether the project
exists in the higher access check. Therefore it has been removed
2018-09-24 19:00:10 +01:00
Alasdair Smith
99dec02266
If no project found for read/write token, redirect to v1
2018-09-24 19:00:10 +01:00
Alasdair Smith
237810509a
If no project found for read token, redirect to v1
2018-09-24 19:00:10 +01:00
Alasdair Smith
f37040e4a4
Only redirect if has overleaf setting
2018-09-13 12:09:19 +01:00
Alasdair Smith
8a969d1c25
Redirect directly from controller instead of via handler
2018-09-13 12:09:19 +01:00
Alasdair Smith
9d600afdf8
Fix failing tests for token access
...
If project was changed from token access to private, then we want to
404 on v2 (not redirect to v1). So the logic was changed to check if the
project exists and if it does then a 404 is returned. If it does not
then it redirects to v1.
2018-09-13 12:09:19 +01:00
Alasdair Smith
e0ce988d32
Intelligently redirect to v1 if no v2 project found for token
2018-09-13 12:09:19 +01:00
Shane Kilkelly
5df4556e9c
Set redirect when bouncing away from token route
...
This ensures that when the user logs in they will be redirected back
to this token, the page they wanted to access in the first place.
2017-11-15 13:30:40 +00:00
Shane Kilkelly
2b4d516353
When anon is denied access to read-write token, redirect to restricted
2017-11-06 16:46:42 +00:00
Shane Kilkelly
caf6315d4d
Remove old module import
2017-11-03 15:26:38 +00:00
Shane Kilkelly
fcb04472a1
De-duplicate logic in TokenAccessController
2017-11-01 14:05:29 +00:00
Shane Kilkelly
d8486afe5d
Account for higher-access in the token read-only path too
2017-11-01 14:01:00 +00:00
Shane Kilkelly
9984ab081e
Generalise the higher-access logic for read-write token path
2017-11-01 11:50:04 +00:00
Shane Kilkelly
b36849d262
Remove a dead event
2017-11-01 11:03:07 +00:00
Shane Kilkelly
a212fb1a05
Add "[TokenAccess]" context to log lines
2017-10-31 14:27:43 +00:00
Shane Kilkelly
8561b69ee9
Remove tokenMembers sync to clients
2017-10-25 11:29:05 +01:00
Shane Kilkelly
74c231826d
WIP: track changes with token-access
2017-10-25 10:34:18 +01:00
Shane Kilkelly
0e44b319db
Change anonToken
and such to anonymousAccessToken
2017-10-20 10:10:21 +01:00
Shane Kilkelly
eab77aba91
Abstract away the token-protection logic
2017-10-19 16:26:01 +01:00
Shane Kilkelly
7d2bde85ff
Add a setting to enable anonymous read-and-write link sharing
2017-10-18 13:04:37 +01:00
Shane Kilkelly
855fe2e143
If user is project owner, don't add them as a token user
2017-10-16 16:44:20 +01:00
Shane Kilkelly
ad999a72b6
If a token-based project not found, check private overleaf project
2017-10-16 13:20:15 +01:00
Shane Kilkelly
ac513a1355
Refactor to not pass req
down into Auth modules
2017-10-13 11:20:57 +01:00
Shane Kilkelly
b6c2a8f7f7
Tidy up callbacks
2017-10-03 14:14:22 +01:00
Shane Kilkelly
7b33f8b4c2
Unit test TokenAccessController
2017-10-03 14:04:59 +01:00
Shane Kilkelly
ede497f4b3
Unit test TokenAccessHandler
2017-10-03 10:02:26 +01:00
Shane Kilkelly
9f24f696a5
Use custom header, send anonToken in payload to joinProject
2017-09-29 16:32:07 +01:00
Shane Kilkelly
34d4d1360f
Anon read-token: add an Authorization header to $http
2017-09-29 15:54:55 +01:00
Shane Kilkelly
9810f63245
Render editor for token access, stub out ui changes
2017-09-28 16:06:08 +01:00
Shane Kilkelly
574b115022
Working token-based access
2017-09-27 14:01:52 +01:00
Shane Kilkelly
81170d472d
Add token-access routes
2017-09-22 14:54:35 +01:00