mirror of
https://github.com/overleaf/overleaf.git
synced 2024-10-24 21:12:38 -04:00
51223315e4
[web] limit user email addresses to 10 GitOrigin-RevId: 038214cc921d86a407391e6c82fa9cd16a7f9646
300 lines
8.2 KiB
JavaScript
300 lines
8.2 KiB
JavaScript
const Settings = require('@overleaf/settings')
|
|
const logger = require('@overleaf/logger')
|
|
const SessionManager = require('../Authentication/SessionManager')
|
|
const UserGetter = require('./UserGetter')
|
|
const UserUpdater = require('./UserUpdater')
|
|
const UserSessionsManager = require('./UserSessionsManager')
|
|
const EmailHandler = require('../Email/EmailHandler')
|
|
const EmailHelper = require('../Helpers/EmailHelper')
|
|
const UserEmailsConfirmationHandler = require('./UserEmailsConfirmationHandler')
|
|
const { endorseAffiliation } = require('../Institutions/InstitutionsAPI')
|
|
const Errors = require('../Errors/Errors')
|
|
const HttpErrorHandler = require('../Errors/HttpErrorHandler')
|
|
const { expressify } = require('../../util/promises')
|
|
const AsyncFormHelper = require('../Helpers/AsyncFormHelper')
|
|
const AnalyticsManager = require('../Analytics/AnalyticsManager')
|
|
const UserPrimaryEmailCheckHandler = require('../User/UserPrimaryEmailCheckHandler')
|
|
|
|
async function _sendSecurityAlertEmail(user, email) {
|
|
const emailOptions = {
|
|
to: user.email,
|
|
actionDescribed: `a secondary email address has been added to your account ${user.email}`,
|
|
message: [
|
|
`<span style="display:inline-block;padding: 0 20px;width:100%;">Added: <br/><b>${email}</b></span>`,
|
|
],
|
|
action: 'secondary email address added',
|
|
}
|
|
await EmailHandler.promises.sendEmail('securityAlert', emailOptions)
|
|
}
|
|
|
|
async function add(req, res, next) {
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
|
const email = EmailHelper.parseEmail(req.body.email)
|
|
if (!email) {
|
|
return res.sendStatus(422)
|
|
}
|
|
const user = await UserGetter.promises.getUser(userId, {
|
|
email: 1,
|
|
'emails.email': 1,
|
|
})
|
|
|
|
if (user.emails.length >= Settings.emailAddressLimit) {
|
|
return res.status(422).json({ message: 'secondary email limit exceeded' })
|
|
}
|
|
|
|
const affiliationOptions = {
|
|
university: req.body.university,
|
|
role: req.body.role,
|
|
department: req.body.department,
|
|
}
|
|
|
|
try {
|
|
await UserUpdater.promises.addEmailAddress(
|
|
userId,
|
|
email,
|
|
affiliationOptions,
|
|
{
|
|
initiatorId: user._id,
|
|
ipAddress: req.ip,
|
|
}
|
|
)
|
|
} catch (error) {
|
|
return UserEmailsController._handleEmailError(error, req, res, next)
|
|
}
|
|
|
|
await _sendSecurityAlertEmail(user, email)
|
|
|
|
await UserEmailsConfirmationHandler.promises.sendConfirmationEmail(
|
|
userId,
|
|
email
|
|
)
|
|
|
|
res.sendStatus(204)
|
|
}
|
|
|
|
function resendConfirmation(req, res, next) {
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
|
const email = EmailHelper.parseEmail(req.body.email)
|
|
if (!email) {
|
|
return res.sendStatus(422)
|
|
}
|
|
UserGetter.getUserByAnyEmail(email, { _id: 1 }, function (error, user) {
|
|
if (error) {
|
|
return next(error)
|
|
}
|
|
if (!user || user._id.toString() !== userId) {
|
|
return res.sendStatus(422)
|
|
}
|
|
UserEmailsConfirmationHandler.sendConfirmationEmail(
|
|
userId,
|
|
email,
|
|
function (error) {
|
|
if (error) {
|
|
return next(error)
|
|
}
|
|
res.sendStatus(200)
|
|
}
|
|
)
|
|
})
|
|
}
|
|
|
|
function sendReconfirmation(req, res, next) {
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
|
const email = EmailHelper.parseEmail(req.body.email)
|
|
if (!email) {
|
|
return res.sendStatus(400)
|
|
}
|
|
UserGetter.getUserByAnyEmail(email, { _id: 1 }, function (error, user) {
|
|
if (error) {
|
|
return next(error)
|
|
}
|
|
if (!user || user._id.toString() !== userId) {
|
|
return res.sendStatus(422)
|
|
}
|
|
UserEmailsConfirmationHandler.sendReconfirmationEmail(
|
|
userId,
|
|
email,
|
|
function (error) {
|
|
if (error) {
|
|
return next(error)
|
|
}
|
|
res.sendStatus(204)
|
|
}
|
|
)
|
|
})
|
|
}
|
|
|
|
async function primaryEmailCheckPage(req, res) {
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
|
const user = await UserGetter.promises.getUser(userId, {
|
|
lastPrimaryEmailCheck: 1,
|
|
signUpDate: 1,
|
|
email: 1,
|
|
emails: 1,
|
|
})
|
|
|
|
if (!UserPrimaryEmailCheckHandler.requiresPrimaryEmailCheck(user)) {
|
|
return res.redirect('/project')
|
|
}
|
|
|
|
AnalyticsManager.recordEventForUser(
|
|
userId,
|
|
'primary-email-check-page-displayed'
|
|
)
|
|
res.render('user/primaryEmailCheck')
|
|
}
|
|
|
|
async function primaryEmailCheck(req, res) {
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
|
await UserUpdater.promises.updateUser(userId, {
|
|
$set: { lastPrimaryEmailCheck: new Date() },
|
|
})
|
|
AnalyticsManager.recordEventForUser(userId, 'primary-email-check-done')
|
|
AsyncFormHelper.redirect(req, res, '/project')
|
|
}
|
|
|
|
const UserEmailsController = {
|
|
list(req, res, next) {
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
|
UserGetter.getUserFullEmails(userId, function (error, fullEmails) {
|
|
if (error) {
|
|
return next(error)
|
|
}
|
|
res.json(fullEmails)
|
|
})
|
|
},
|
|
|
|
add: expressify(add),
|
|
|
|
remove(req, res, next) {
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
|
const email = EmailHelper.parseEmail(req.body.email)
|
|
if (!email) {
|
|
return res.sendStatus(422)
|
|
}
|
|
const auditLog = {
|
|
initiatorId: userId,
|
|
ipAddress: req.ip,
|
|
}
|
|
UserUpdater.removeEmailAddress(userId, email, auditLog, function (error) {
|
|
if (error) {
|
|
return next(error)
|
|
}
|
|
res.sendStatus(200)
|
|
})
|
|
},
|
|
|
|
setDefault(req, res, next) {
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
|
const email = EmailHelper.parseEmail(req.body.email)
|
|
if (!email) {
|
|
return res.sendStatus(422)
|
|
}
|
|
const auditLog = {
|
|
initiatorId: userId,
|
|
ipAddress: req.ip,
|
|
}
|
|
UserUpdater.setDefaultEmailAddress(
|
|
userId,
|
|
email,
|
|
false,
|
|
auditLog,
|
|
true,
|
|
err => {
|
|
if (err) {
|
|
return UserEmailsController._handleEmailError(err, req, res, next)
|
|
}
|
|
SessionManager.setInSessionUser(req.session, { email })
|
|
const user = SessionManager.getSessionUser(req.session)
|
|
UserSessionsManager.revokeAllUserSessions(
|
|
user,
|
|
[req.sessionID],
|
|
err => {
|
|
if (err)
|
|
logger.warn(
|
|
{ err },
|
|
'failed revoking secondary sessions after changing default email'
|
|
)
|
|
}
|
|
)
|
|
res.sendStatus(200)
|
|
}
|
|
)
|
|
},
|
|
|
|
endorse(req, res, next) {
|
|
const userId = SessionManager.getLoggedInUserId(req.session)
|
|
const email = EmailHelper.parseEmail(req.body.email)
|
|
if (!email) {
|
|
return res.sendStatus(422)
|
|
}
|
|
|
|
endorseAffiliation(
|
|
userId,
|
|
email,
|
|
req.body.role,
|
|
req.body.department,
|
|
function (error) {
|
|
if (error) {
|
|
return next(error)
|
|
}
|
|
res.sendStatus(204)
|
|
}
|
|
)
|
|
},
|
|
|
|
resendConfirmation,
|
|
|
|
sendReconfirmation,
|
|
|
|
primaryEmailCheckPage: expressify(primaryEmailCheckPage),
|
|
|
|
primaryEmailCheck: expressify(primaryEmailCheck),
|
|
|
|
showConfirm(req, res, next) {
|
|
res.render('user/confirm_email', {
|
|
token: req.query.token,
|
|
title: 'confirm_email',
|
|
})
|
|
},
|
|
|
|
confirm(req, res, next) {
|
|
const { token } = req.body
|
|
if (!token) {
|
|
return res.status(422).json({
|
|
message: req.i18n.translate('confirmation_link_broken'),
|
|
})
|
|
}
|
|
UserEmailsConfirmationHandler.confirmEmailFromToken(
|
|
token,
|
|
function (error) {
|
|
if (error) {
|
|
if (error instanceof Errors.NotFoundError) {
|
|
res.status(404).json({
|
|
message: req.i18n.translate('confirmation_token_invalid'),
|
|
})
|
|
} else {
|
|
next(error)
|
|
}
|
|
} else {
|
|
res.sendStatus(200)
|
|
}
|
|
}
|
|
)
|
|
},
|
|
|
|
_handleEmailError(error, req, res, next) {
|
|
if (error instanceof Errors.UnconfirmedEmailError) {
|
|
return HttpErrorHandler.conflict(req, res, 'email must be confirmed')
|
|
} else if (error instanceof Errors.EmailExistsError) {
|
|
const message = req.i18n.translate('email_already_registered')
|
|
return HttpErrorHandler.conflict(req, res, message)
|
|
} else if (error.message === '422: Email does not belong to university') {
|
|
const message = req.i18n.translate('email_does_not_belong_to_university')
|
|
return HttpErrorHandler.conflict(req, res, message)
|
|
}
|
|
next(error)
|
|
},
|
|
}
|
|
|
|
module.exports = UserEmailsController
|