From 34311ce0dcc9785ec2e458b7f9a1bda2d03bd8d5 Mon Sep 17 00:00:00 2001
From: ilkin-overleaf <100852799+ilkin-overleaf@users.noreply.github.com>
Date: Thu, 20 Jun 2024 15:18:11 +0300
Subject: [PATCH] Merge pull request #18789 from
 overleaf/ii-invite-token-lookup-by-hmac-token

[web] Lookup project invitations by HMAC token

GitOrigin-RevId: b631445e18f83ddb5e7708388a57a0fac0f73bd2
---
 .../Features/Collaborators/CollaboratorsInviteHandler.js    | 2 +-
 .../src/Collaborators/CollaboratorsInviteHandlerTests.js    | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/services/web/app/src/Features/Collaborators/CollaboratorsInviteHandler.js b/services/web/app/src/Features/Collaborators/CollaboratorsInviteHandler.js
index 85ad9d9d52..8f92742cc0 100644
--- a/services/web/app/src/Features/Collaborators/CollaboratorsInviteHandler.js
+++ b/services/web/app/src/Features/Collaborators/CollaboratorsInviteHandler.js
@@ -149,7 +149,7 @@ const CollaboratorsInviteHandler = {
     logger.debug({ projectId }, 'fetching invite by token')
     const invite = await ProjectInvite.findOne({
       projectId,
-      token: tokenString,
+      tokenHmac: CollaboratorsInviteHelper.hashInviteToken(tokenString),
     }).exec()
 
     if (invite == null) {
diff --git a/services/web/test/unit/src/Collaborators/CollaboratorsInviteHandlerTests.js b/services/web/test/unit/src/Collaborators/CollaboratorsInviteHandlerTests.js
index f16e726e1f..9823808c26 100644
--- a/services/web/test/unit/src/Collaborators/CollaboratorsInviteHandlerTests.js
+++ b/services/web/test/unit/src/Collaborators/CollaboratorsInviteHandlerTests.js
@@ -41,8 +41,9 @@ describe('CollaboratorsInviteHandler', function () {
     this.UserGetter = { promises: { getUser: sinon.stub() } }
     this.ProjectGetter = { promises: {} }
     this.NotificationsBuilder = { promises: {} }
+    this.tokenHmac = 'jkhajkefhaekjfhkfg'
     this.CollaboratorsInviteHelper = {
-      hashInviteToken: sinon.stub().returns('abcd'),
+      hashInviteToken: sinon.stub().returns(this.tokenHmac),
     }
 
     this.CollaboratorsInviteHandler = SandboxedModule.require(MODULE_PATH, {
@@ -73,7 +74,6 @@ describe('CollaboratorsInviteHandler', function () {
     }
     this.inviteId = new ObjectId()
     this.token = 'hnhteaosuhtaeosuahs'
-    this.tokenHmac = 'jkhajkefhaekjfhkfg'
     this.privileges = 'readAndWrite'
     this.fakeInvite = {
       _id: this.inviteId,
@@ -458,7 +458,7 @@ describe('CollaboratorsInviteHandler', function () {
         await this.call()
         this.ProjectInvite.findOne.callCount.should.equal(1)
         this.ProjectInvite.findOne
-          .calledWith({ projectId: this.projectId, token: this.token })
+          .calledWith({ projectId: this.projectId, tokenHmac: this.tokenHmac })
           .should.equal(true)
       })
     })