Fix failing tests for token access

If project was changed from token access to private, then we want to 404 on v2 (not redirect to v1). So the logic was changed to check if the project exists and if it does then a 404 is returned. If it does not then it redirects to v1.
2026-06-10 06:39:01 +02:00 · 2018-09-12 11:06:05 +01:00
parent cf8ae7c28c
commit 9d600afdf8
3 changed files with 21 additions and 5 deletions
@@ -82,6 +82,13 @@ EmailExistsError = (message) ->
 	return error
 EmailExistsError.prototype.__proto__ = Error.prototype

+ProjectNotTokenAccessError = (message) ->
+	error = new Error(message)
+	error.name = "ProjectNotTokenAccessError"
+	error.__proto__ = ProjectNotTokenAccessError.prototype
+	return error
+ProjectNotTokenAccessError.prototype.__proto__ = Error.prototype
+
 module.exports = Errors =
 	NotFoundError: NotFoundError
 	ServiceNotConfiguredError: ServiceNotConfiguredError
@@ -95,3 +102,4 @@ module.exports = Errors =
 	V1ConnectionError: V1ConnectionError
 	UnconfirmedEmailError: UnconfirmedEmailError
 	EmailExistsError: EmailExistsError
+	ProjectNotTokenAccessError: ProjectNotTokenAccessError
@@ -8,7 +8,7 @@ settings = require 'settings-sharelatex'
 module.exports = TokenAccessController =

 	redirectNotFoundErrorToV1: (err, req, res, next) ->
-		if err instanceof Errors.NotFoundError and settings.overleaf
+		if err instanceof Errors.ProjectNotTokenAccessError and settings.overleaf
 			logger.log {
 				token: req.params['read_and_write_token']
 			}, "[TokenAccess] No project found for token, redirecting to v1"
@@ -21,11 +21,15 @@ module.exports = TokenAccessController =
 		return ProjectController.loadEditor(req, res, next)

 	_tryHigherAccess: (token, userId, req, res, next) ->
-		TokenAccessHandler.findProjectWithHigherAccess token, userId, (err, project) ->
+		TokenAccessHandler.findProjectWithHigherAccess token, userId, (err, project, projectExists) ->
 			if err?
 				logger.err {err, token, userId},
 					"[TokenAccess] error finding project with higher access"
 				return next(err)
+			if !projectExists
+				logger.log {token, userId},
+					"[TokenAccess] no project found for this token"
+				return next(new Errors.ProjectNotTokenAccessError())
 			if !project?
 				logger.log {token, userId},
 					"[TokenAccess] no project with higher access found for this user and token"
@@ -22,7 +22,7 @@ module.exports = TokenAccessHandler =
 			'publicAccesLevel': PublicAccessLevels.TOKEN_BASED
 		}, {_id: 1, publicAccesLevel: 1, owner_ref: 1}, callback

-	findProjectWithHigherAccess: (token, userId, callback=(err, project)->) ->
+	findProjectWithHigherAccess: (token, userId, callback=(err, project, projectExists)->) ->
 		Project.findOne {
 			$or: [
 				{'tokens.readAndWrite': token},
@@ -32,12 +32,16 @@ module.exports = TokenAccessHandler =
 			if err?
 				return callback(err)
 			if !project?
-				return callback(null, null)
+				return callback(null, null, false) # Project doesn't exist, so we handle differently
 			projectId = project._id
 			CollaboratorsHandler.isUserInvitedMemberOfProject userId, projectId, (err, isMember) ->
 				if err?
 					return callback(err)
-				callback(null, if isMember == true then project else null)
+				callback(
+					null,
+					if isMember == true then project else null,
+					true # Project does exist, but user doesn't have access
+				)

 	addReadOnlyUserToProject: (userId, projectId, callback=(err)->) ->
 		userId = ObjectId(userId.toString())