mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-14 20:40:17 -05:00
5517adcbd1
Check for password from v1 before showing password change form GitOrigin-RevId: 58ef0f9d3c8ce3ab7ca51d3538f1be13f05d4658
113 lines
4.1 KiB
CoffeeScript
113 lines
4.1 KiB
CoffeeScript
UserGetter = require("./UserGetter")
|
|
UserSessionsManager = require("./UserSessionsManager")
|
|
ErrorController = require("../Errors/ErrorController")
|
|
logger = require("logger-sharelatex")
|
|
Settings = require("settings-sharelatex")
|
|
request = require 'request'
|
|
fs = require('fs')
|
|
AuthenticationController = require('../Authentication/AuthenticationController')
|
|
|
|
module.exports = UserPagesController =
|
|
|
|
registerPage : (req, res)->
|
|
sharedProjectData =
|
|
project_name:req.query.project_name
|
|
user_first_name:req.query.user_first_name
|
|
|
|
newTemplateData = {}
|
|
if req.session.templateData?
|
|
newTemplateData.templateName = req.session.templateData.templateName
|
|
|
|
res.render 'user/register',
|
|
title: 'register'
|
|
sharedProjectData: sharedProjectData
|
|
newTemplateData: newTemplateData
|
|
new_email:req.query.new_email || ""
|
|
|
|
activateAccountPage: (req, res) ->
|
|
# An 'activation' is actually just a password reset on an account that
|
|
# was set with a random password originally.
|
|
logger.log query:req.query, "activiate account page called"
|
|
if !req.query?.user_id? or !req.query?.token?
|
|
return ErrorController.notFound(req, res)
|
|
|
|
UserGetter.getUser req.query.user_id, {email: 1, loginCount: 1}, (error, user) ->
|
|
return next(error) if error?
|
|
if !user
|
|
return ErrorController.notFound(req, res)
|
|
if user.loginCount > 0
|
|
logger.log user:user, "user has already logged in so is active, sending them to /login"
|
|
# Already seen this user, so account must be activate
|
|
# This lets users keep clicking the 'activate' link in their email
|
|
# as a way to log in which, if I know our users, they will.
|
|
res.redirect "/login?email=#{encodeURIComponent(user.email)}"
|
|
else
|
|
res.render 'user/activate',
|
|
title: 'activate_account'
|
|
email: user.email,
|
|
token: req.query.token
|
|
|
|
loginPage : (req, res)->
|
|
# if user is being sent to /login with explicit redirect (redir=/foo),
|
|
# such as being sent from the editor to /login, then set the redirect explicitly
|
|
if req.query.redir? and !AuthenticationController._getRedirectFromSession(req)?
|
|
logger.log {redir: req.query.redir}, "setting explicit redirect from login page"
|
|
AuthenticationController.setRedirectInSession(req, req.query.redir)
|
|
res.render 'user/login',
|
|
title: 'login',
|
|
email: req.query.email
|
|
|
|
logoutPage: (req, res) ->
|
|
res.render 'user/logout'
|
|
|
|
renderReconfirmAccountPage: (req, res) ->
|
|
page_data = {
|
|
reconfirm_email: req?.session?.reconfirm_email
|
|
}
|
|
# when a user must reconfirm their account
|
|
res.render 'user/reconfirm', page_data
|
|
|
|
settingsPage : (req, res, next)->
|
|
user_id = AuthenticationController.getLoggedInUserId(req)
|
|
logger.log user: user_id, "loading settings page"
|
|
shouldAllowEditingDetails = !(Settings?.ldap?.updateUserDetailsOnLogin) and !(Settings?.saml?.updateUserDetailsOnLogin)
|
|
UserGetter.getUser user_id, (err, user)->
|
|
return next(err) if err?
|
|
|
|
UserPagesController._hasPassword user, (err, passwordPresent) ->
|
|
if err
|
|
logger.err {err}, "error getting password status from v1"
|
|
res.render 'user/settings',
|
|
title:'account_settings'
|
|
user: user,
|
|
hasPassword: passwordPresent,
|
|
shouldAllowEditingDetails: shouldAllowEditingDetails
|
|
languages: Settings.languages,
|
|
accountSettingsTabActive: true
|
|
|
|
sessionsPage: (req, res, next) ->
|
|
user = AuthenticationController.getSessionUser(req)
|
|
logger.log user_id: user._id, "loading sessions page"
|
|
UserSessionsManager.getAllUserSessions user, [req.sessionID], (err, sessions) ->
|
|
if err?
|
|
logger.err {user_id: user._id}, "error getting all user sessions"
|
|
return next(err)
|
|
res.render 'user/sessions',
|
|
title: "sessions"
|
|
sessions: sessions
|
|
|
|
_hasPassword: (user, callback) ->
|
|
request.get {
|
|
url: "#{Settings.apis.v1.url}/api/v1/sharelatex/has_password"
|
|
auth: { user: Settings.apis.v1.user, pass: Settings.apis.v1.pass }
|
|
body: { user_id: user?.overleaf?.id }
|
|
timeout: 20 * 1000
|
|
json: true
|
|
}, (err, response, body) ->
|
|
if err
|
|
# for errors assume password and show password setting form
|
|
return callback(err, true)
|
|
else if body?.has_password
|
|
return callback(err, true)
|
|
return callback(err, false)
|
|
|