From a5ad2e48d43a77a6facb903e3af4a1ebaf4e69b6 Mon Sep 17 00:00:00 2001 From: Shane Kilkelly Date: Fri, 22 Mar 2019 10:11:04 +0000 Subject: [PATCH] Merge pull request #1629 from sharelatex/sk-censor-token-prefix Censor `tokens.readAndWritePrefix` when building project model GitOrigin-RevId: 0fe3fc2657aa191808ea282dfcd2ea5506e93fee --- .../app/coffee/Features/TokenAccess/TokenAccessHandler.coffee | 1 + .../unit/coffee/TokenAccess/TokenAccessHandlerTests.coffee | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/services/web/app/coffee/Features/TokenAccess/TokenAccessHandler.coffee b/services/web/app/coffee/Features/TokenAccess/TokenAccessHandler.coffee index e2c0feab50..9e94f80dbf 100644 --- a/services/web/app/coffee/Features/TokenAccess/TokenAccessHandler.coffee +++ b/services/web/app/coffee/Features/TokenAccess/TokenAccessHandler.coffee @@ -134,6 +134,7 @@ module.exports = TokenAccessHandler = return if privilegeLevel != PrivilegeLevels.READ_AND_WRITE project.tokens.readAndWrite = '' + project.tokens.readAndWritePrefix = '' if privilegeLevel != PrivilegeLevels.READ_ONLY project.tokens.readOnly = '' diff --git a/services/web/test/unit/coffee/TokenAccess/TokenAccessHandlerTests.coffee b/services/web/test/unit/coffee/TokenAccess/TokenAccessHandlerTests.coffee index e2ebd00c2b..93fea87658 100644 --- a/services/web/test/unit/coffee/TokenAccess/TokenAccessHandlerTests.coffee +++ b/services/web/test/unit/coffee/TokenAccess/TokenAccessHandlerTests.coffee @@ -480,11 +480,12 @@ describe "TokenAccessHandler", -> describe 'protectTokens', -> beforeEach -> - @project = {tokens: {readAndWrite: 'rw', readOnly: 'ro'}} + @project = {tokens: {readAndWrite: 'rw', readOnly: 'ro', readAndWritePrefix: 'pre'}} it 'should hide write token from read-only user', -> @TokenAccessHandler.protectTokens(@project, 'readOnly') expect(@project.tokens.readAndWrite).to.equal '' + expect(@project.tokens.readAndWritePrefix).to.equal '' expect(@project.tokens.readOnly).to.equal 'ro' it 'should hide read token from read-write user', ->