Merge pull request #26274 from overleaf/td-account-enrollment-error-fix

Prevent front-end errors in account enrollment page GitOrigin-RevId: d05e295f70a8e9cb6d5e0da6800d7eaf4468cb39
2026-05-29 20:11:32 +02:00 · 2025-06-12 12:58:15 +01:00
parent cd883febbb
commit 3bcd8c778d
4 changed files with 26 additions and 8 deletions
--- a/services/web/app/src/Features/Subscription/SubscriptionController.js
+++ b/services/web/app/src/Features/Subscription/SubscriptionController.js
@@ -33,6 +33,9 @@ const PaymentProviderEntities = require('./PaymentProviderEntities')
 const { User } = require('../../models/User')
 const UserGetter = require('../User/UserGetter')
 const PermissionsManager = require('../Authorization/PermissionsManager')
+const {
+  sanitizeSessionUserForFrontEnd,
+} = require('../../infrastructure/FrontEndUser')

 /**
 * @import { SubscriptionChangeDescription } from '../../../../types/subscription/subscription-change-preview'
@@ -318,7 +321,9 @@ function cancelSubscription(req, res, next) {
 async function canceledSubscription(req, res, next) {
  return res.render('subscriptions/canceled-subscription-react', {
    title: 'subscription_canceled',
-    user: SessionManager.getSessionUser(req.session),
+    user: sanitizeSessionUserForFrontEnd(
+      SessionManager.getSessionUser(req.session)
+    ),
  })
 }

--- a/services/web/app/src/Features/Subscription/TeamInvitesController.mjs
+++ b/services/web/app/src/Features/Subscription/TeamInvitesController.mjs
@@ -15,6 +15,7 @@ import EmailHandler from '../Email/EmailHandler.js'
 import { RateLimiter } from '../../infrastructure/RateLimiter.js'
 import Modules from '../../infrastructure/Modules.js'
 import UserAuditLogHandler from '../User/UserAuditLogHandler.js'
+import { sanitizeSessionUserForFrontEnd } from '../../infrastructure/FrontEndUser.js'

 const rateLimiters = {
  resendGroupInvite: new RateLimiter('resend-group-invite', {
@@ -143,7 +144,7 @@ async function viewInvite(req, res, next) {
        currentManagedUserAdminEmail,
        groupSSOActive,
        subscriptionId: subscription._id.toString(),
-        user: sessionUser,
+        user: sanitizeSessionUserForFrontEnd(sessionUser),
        usersSubscription,
      })
    } else {
@@ -164,7 +165,7 @@ async function viewInvite(req, res, next) {
        currentManagedUserAdminEmail,
        groupSSOActive,
        subscriptionId: subscription._id.toString(),
-        user: sessionUser,
+        user: sanitizeSessionUserForFrontEnd(sessionUser),
      })
    }
  } else {
--- a/services/web/app/src/infrastructure/ExpressLocals.js
+++ b/services/web/app/src/infrastructure/ExpressLocals.js
@@ -19,6 +19,7 @@ const {
 const {
  addOptionalCleanupHandlerAfterDrainingConnections,
 } = require('./GracefulShutdown')
+const { sanitizeSessionUserForFrontEnd } = require('./FrontEndUser')

 const IEEE_BRAND_ID = Settings.ieeeBrandId

@@ -300,11 +301,7 @@ module.exports = function (webRouter, privateApiRouter, publicApiRouter) {
  webRouter.use(function (req, res, next) {
    const currentUser = SessionManager.getSessionUser(req.session)
    if (currentUser != null) {
-      res.locals.user = {
-        email: currentUser.email,
-        first_name: currentUser.first_name,
-        last_name: currentUser.last_name,
-      }
+      res.locals.user = sanitizeSessionUserForFrontEnd(currentUser)
    }
    next()
  })
--- a/services/web/app/src/infrastructure/FrontEndUser.js
+++ b/services/web/app/src/infrastructure/FrontEndUser.js
@@ -0,0 +1,15 @@
+function sanitizeSessionUserForFrontEnd(sessionUser) {
+  if (sessionUser != null) {
+    return {
+      email: sessionUser.email,
+      first_name: sessionUser.first_name,
+      last_name: sessionUser.last_name,
+    }
+  }
+
+  return null
+}
+
+module.exports = {
+  sanitizeSessionUserForFrontEnd,
+}