agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-06-04 06:39:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #109 from sharelatex/sk-token-access-redirect-fix

Browse Source 
Set redirect when bouncing away from token route; Fixes overleaf/sharelatex#250
This commit is contained in:
Shane Kilkelly
2017-11-15 14:56:42 +00:00
committed by GitHub
parent c21b5ca1cc 5df4556e9c
commit 2a7e68e37b
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee
+1
View File
@@ -52,6 +52,7 @@ module.exports = TokenAccessController =
else
logger.log {token, projectId: project._id},
"[TokenAccess] deny anonymous read-and-write token access"
AuthenticationController._setRedirectInSession(req)
return res.redirect('/restricted')
if project.owner_ref.toString() == userId
logger.log {userId, projectId: project._id},
services/web/test/UnitTests/coffee/TokenAccess/TokenAccessControllerTests.coffee
+7
View File
@@ -48,6 +48,7 @@ describe "TokenAccessController", ->
@TokenAccessHandler.addReadAndWriteUserToProject = sinon.stub()
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
@AuthenticationController._setRedirectInSession = sinon.stub()
@TokenAccessController.readAndWriteToken @req, @res, @next
it 'should try to find a project with this token', (done) ->
@@ -159,6 +160,7 @@ describe "TokenAccessController", ->
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
@TokenAccessHandler.grantSessionTokenAccess = sinon.stub()
@AuthenticationController._setRedirectInSession = sinon.stub()
@TokenAccessController.readAndWriteToken @req, @res, @next
it 'should not add the user to the project with read-write access', (done) ->
@@ -176,6 +178,11 @@ describe "TokenAccessController", ->
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
done()
it 'should set redirect in session', (done) ->
expect(@AuthenticationController._setRedirectInSession.callCount).to.equal 1
expect(@AuthenticationController._setRedirectInSession.calledWith(@req)).to.equal true
done()
it 'should redirect to restricted page', (done) ->
expect(@res.redirect.callCount).to.equal 1
expect(@res.redirect.calledWith('/restricted')).to.equal true