From 9d600afdf83c5a0eda098ef65587d0c1c1e6ae42 Mon Sep 17 00:00:00 2001 From: Alasdair Smith Date: Wed, 12 Sep 2018 11:06:05 +0100 Subject: [PATCH] Fix failing tests for token access If project was changed from token access to private, then we want to 404 on v2 (not redirect to v1). So the logic was changed to check if the project exists and if it does then a 404 is returned. If it does not then it redirects to v1. --- services/web/app/coffee/Features/Errors/Errors.coffee | 8 ++++++++ .../Features/TokenAccess/TokenAccessController.coffee | 8 ++++++-- .../Features/TokenAccess/TokenAccessHandler.coffee | 10 +++++++--- 3 files changed, 21 insertions(+), 5 deletions(-) diff --git a/services/web/app/coffee/Features/Errors/Errors.coffee b/services/web/app/coffee/Features/Errors/Errors.coffee index 94aeaa2a90..720b092012 100644 --- a/services/web/app/coffee/Features/Errors/Errors.coffee +++ b/services/web/app/coffee/Features/Errors/Errors.coffee @@ -82,6 +82,13 @@ EmailExistsError = (message) -> return error EmailExistsError.prototype.__proto__ = Error.prototype +ProjectNotTokenAccessError = (message) -> + error = new Error(message) + error.name = "ProjectNotTokenAccessError" + error.__proto__ = ProjectNotTokenAccessError.prototype + return error +ProjectNotTokenAccessError.prototype.__proto__ = Error.prototype + module.exports = Errors = NotFoundError: NotFoundError ServiceNotConfiguredError: ServiceNotConfiguredError @@ -95,3 +102,4 @@ module.exports = Errors = V1ConnectionError: V1ConnectionError UnconfirmedEmailError: UnconfirmedEmailError EmailExistsError: EmailExistsError + ProjectNotTokenAccessError: ProjectNotTokenAccessError diff --git a/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee b/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee index 395489c608..6b03e6c600 100644 --- a/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee +++ b/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee @@ -8,7 +8,7 @@ settings = require 'settings-sharelatex' module.exports = TokenAccessController = redirectNotFoundErrorToV1: (err, req, res, next) -> - if err instanceof Errors.NotFoundError and settings.overleaf + if err instanceof Errors.ProjectNotTokenAccessError and settings.overleaf logger.log { token: req.params['read_and_write_token'] }, "[TokenAccess] No project found for token, redirecting to v1" @@ -21,11 +21,15 @@ module.exports = TokenAccessController = return ProjectController.loadEditor(req, res, next) _tryHigherAccess: (token, userId, req, res, next) -> - TokenAccessHandler.findProjectWithHigherAccess token, userId, (err, project) -> + TokenAccessHandler.findProjectWithHigherAccess token, userId, (err, project, projectExists) -> if err? logger.err {err, token, userId}, "[TokenAccess] error finding project with higher access" return next(err) + if !projectExists + logger.log {token, userId}, + "[TokenAccess] no project found for this token" + return next(new Errors.ProjectNotTokenAccessError()) if !project? logger.log {token, userId}, "[TokenAccess] no project with higher access found for this user and token" diff --git a/services/web/app/coffee/Features/TokenAccess/TokenAccessHandler.coffee b/services/web/app/coffee/Features/TokenAccess/TokenAccessHandler.coffee index 9eb792e55b..ed7f51f0d7 100644 --- a/services/web/app/coffee/Features/TokenAccess/TokenAccessHandler.coffee +++ b/services/web/app/coffee/Features/TokenAccess/TokenAccessHandler.coffee @@ -22,7 +22,7 @@ module.exports = TokenAccessHandler = 'publicAccesLevel': PublicAccessLevels.TOKEN_BASED }, {_id: 1, publicAccesLevel: 1, owner_ref: 1}, callback - findProjectWithHigherAccess: (token, userId, callback=(err, project)->) -> + findProjectWithHigherAccess: (token, userId, callback=(err, project, projectExists)->) -> Project.findOne { $or: [ {'tokens.readAndWrite': token}, @@ -32,12 +32,16 @@ module.exports = TokenAccessHandler = if err? return callback(err) if !project? - return callback(null, null) + return callback(null, null, false) # Project doesn't exist, so we handle differently projectId = project._id CollaboratorsHandler.isUserInvitedMemberOfProject userId, projectId, (err, isMember) -> if err? return callback(err) - callback(null, if isMember == true then project else null) + callback( + null, + if isMember == true then project else null, + true # Project does exist, but user doesn't have access + ) addReadOnlyUserToProject: (userId, projectId, callback=(err)->) -> userId = ObjectId(userId.toString())