overleaf/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee
Shane Kilkelly 5df4556e9c Set redirect when bouncing away from token route
This ensures that when the user logs in they will be redirected back
to this token, the page they wanted to access in the first place.
2017-11-15 13:30:40 +00:00


ProjectController = require "../Project/ProjectController"
AuthenticationController = require '../Authentication/AuthenticationController'
TokenAccessHandler = require './TokenAccessHandler'
Errors = require '../Errors/Errors'
logger = require 'logger-sharelatex'
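module.exports = TokenAccessController =
  # Open the editor for `projectId`: the editor route expects the id in
  # `req.params.Project_id`, so set it and hand off to ProjectController.
  _loadEditor: (projectId, req, res, next) ->
    req.params.Project_id = projectId.toString()
    return ProjectController.loadEditor(req, res, next)

  # Fallback used when no project matches `token`: ask TokenAccessHandler
  # whether this (logged-in) user can reach a project for the token by some
  # other route (what "higher access" means is decided in the handler, not
  # here). Redirects (302) to that project on success, 404s via
  # Errors.NotFoundError when nothing is found, forwards any lookup error.
  _tryHigherAccess: (token, userId, req, res, next) ->
    TokenAccessHandler.findProjectWithHigherAccess token, userId, (err, project) ->
      if err?
        logger.err {err, token, userId},
          "[TokenAccess] error finding project with higher access"
        return next(err)
      if !project?
        logger.log {token, userId},
          "[TokenAccess] no project with higher access found for this user and token"
        return next(new Errors.NotFoundError())
      logger.log {token, userId, projectId: project._id},
        "[TokenAccess] user has higher access to project, redirecting"
      return res.redirect(302, "/project/#{project._id}")

  # Route handler for a read-and-write token link (`:read_and_write_token`).
  # Outcomes, in order:
  #   - lookup error                        -> next(err)
  #   - no project, anonymous               -> 404
  #   - no project, logged in               -> _tryHigherAccess
  #   - project, anonymous, anon r/w enabled -> session grant + load editor
  #   - project, anonymous, anon r/w disabled -> remember URL, redirect /restricted
  #   - project, owner                      -> load editor
  #   - project, other user                 -> add as read-and-write member, load editor
  readAndWriteToken: (req, res, next) ->
    userId = AuthenticationController.getLoggedInUserId(req)
    token = req.params['read_and_write_token']
    # NOTE(review): `token` is the credential that grants access to the
    # project and is written to the logs verbatim here and in the branches
    # below; consider redacting or truncating it in log output.
    logger.log {userId, token}, "[TokenAccess] requesting read-and-write token access"
    TokenAccessHandler.findProjectWithReadAndWriteToken token, (err, project) ->
      if err?
        logger.err {err, token, userId},
          "[TokenAccess] error getting project by readAndWrite token"
        return next(err)

      if !project?
        logger.log {token, userId},
          "[TokenAccess] no token-based project found for readAndWrite token"
        if !userId?
          logger.log {token},
            "[TokenAccess] No project found with read-write token, anonymous user, deny"
          return next(new Errors.NotFoundError())
        return TokenAccessController._tryHigherAccess(token, userId, req, res, next)

      if !userId?
        if TokenAccessHandler.ANONYMOUS_READ_AND_WRITE_ENABLED
          logger.log {token, projectId: project._id},
            "[TokenAccess] allow anonymous read-and-write token access"
          # Access lives in the session; `_anonymousAccessToken` is read
          # elsewhere in the request pipeline (not in this file).
          TokenAccessHandler.grantSessionTokenAccess(req, project._id, token)
          req._anonymousAccessToken = token
          return TokenAccessController._loadEditor(project._id, req, res, next)
        logger.log {token, projectId: project._id},
          "[TokenAccess] deny anonymous read-and-write token access"
        # Anonymous read-and-write is off: record this URL so that after
        # login the user is sent back to the token route they asked for.
        AuthenticationController._setRedirectInSession(req)
        return res.redirect('/restricted')

      if project.owner_ref.toString() == userId
        logger.log {userId, projectId: project._id},
          "[TokenAccess] user is already project owner"
        return TokenAccessController._loadEditor(project._id, req, res, next)

      logger.log {userId, projectId: project._id},
        "[TokenAccess] adding user to project with readAndWrite token"
      TokenAccessHandler.addReadAndWriteUserToProject userId, project._id, (err) ->
        if err?
          logger.err {err, token, userId, projectId: project._id},
            "[TokenAccess] error adding user to project with readAndWrite token"
          return next(err)
        return TokenAccessController._loadEditor(project._id, req, res, next)

  # Route handler for a read-only token link (`:read_only_token`).
  # Same shape as readAndWriteToken, except anonymous access is always
  # granted (session grant + load editor) when the token matches a project.
  readOnlyToken: (req, res, next) ->
    userId = AuthenticationController.getLoggedInUserId(req)
    token = req.params['read_only_token']
    # NOTE(review): as in readAndWriteToken, the token is logged verbatim.
    logger.log {userId, token}, "[TokenAccess] requesting read-only token access"
    TokenAccessHandler.findProjectWithReadOnlyToken token, (err, project) ->
      if err?
        logger.err {err, token, userId},
          "[TokenAccess] error getting project by readOnly token"
        return next(err)

      if !project?
        logger.log {token, userId},
          "[TokenAccess] no project found for readOnly token"
        if !userId?
          logger.log {token},
            "[TokenAccess] No project found with readOnly token, anonymous user, deny"
          return next(new Errors.NotFoundError())
        return TokenAccessController._tryHigherAccess(token, userId, req, res, next)

      if !userId?
        # userId is null here; log the token/project instead, matching the
        # anonymous branch of readAndWriteToken.
        logger.log {token, projectId: project._id},
          "[TokenAccess] adding anonymous user to project with readOnly token"
        TokenAccessHandler.grantSessionTokenAccess(req, project._id, token)
        req._anonymousAccessToken = token
        return TokenAccessController._loadEditor(project._id, req, res, next)

      if project.owner_ref.toString() == userId
        logger.log {userId, projectId: project._id},
          "[TokenAccess] user is already project owner"
        return TokenAccessController._loadEditor(project._id, req, res, next)

      logger.log {userId, projectId: project._id},
        "[TokenAccess] adding user to project with readOnly token"
      TokenAccessHandler.addReadOnlyUserToProject userId, project._id, (err) ->
        if err?
          # Fixed copy-paste: this is the readOnly path, not readAndWrite.
          logger.err {err, token, userId, projectId: project._id},
            "[TokenAccess] error adding user to project with readOnly token"
          return next(err)
        return TokenAccessController._loadEditor(project._id, req, res, next)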