Merge pull request #2540 from overleaf/spd-saml-post-gateway

Add generic POST gateway to handle samesite=lax session cookies

GitOrigin-RevId: e50a0fde63659a77a047e545a22fba5339f16427

services/web/app/src/infrastructure/SessionAutostartMiddleware.js

@@ -1,4 +1,5 @@
 const Settings = require('settings-sharelatex')
+const Errors = require('../Features/Errors/Errors')
 
 // SessionAutostartMiddleware provides a mechanism to force certain routes not
 // to get an automatic session where they don't have one already. This allows us
@@ -36,6 +37,14 @@ class SessionAutostartMiddleware {
     this._noAutostartCallbacks[route][method] = callback
   }
 
+  applyDefaultPostGatewayForRoute(route) {
+    this.disableSessionAutostartForRoute(
+      route,
+      'POST',
+      SessionAutostartMiddleware.genericPostGatewayMiddleware
+    )
+  }
+
   autostartCallbackForRequest(req) {
     return (
       this._noAutostartCallbacks[req.path] &&
@@ -62,6 +71,26 @@ class SessionAutostartMiddleware {
     }
     next()
   }
+
+  static genericPostGatewayMiddleware(req, res, next) {
+    if (req.method !== 'POST') {
+      return next(
+        new Errors.OError({
+          message: 'post gateway invoked for non-POST request',
+          info: {
+            path: req.path,
+            method: req.method
+          }
+        })
+      )
+    }
+
+    if (req.body.viaGateway) {
+      return next()
+    }
+
+    res.render('general/post-gateway', { form_data: req.body })
+  }
 }
 
 module.exports = SessionAutostartMiddleware

services/web/app/views/general/post-gateway.pug

@@ -0,0 +1,20 @@
+extends ../layout
+
+block vars
+	- var suppressNavbar = true
+	- var suppressFooter = true
+
+block content
+	script(type="template", id="gateway-data")!= StringHelper.stringifyJsonForScript({ params: form_data })
+
+	.content.content-alt
+		.container
+			.row
+				.col-md-6.col-md-offset-3
+					.card
+						p.text-center #{translate('processing_your_request')}
+
+	form(
+		ng-controller="PostGatewayController",
+		ng-init="handleGateway();"
+		id='gateway' method='POST')

services/web/frontend/js/main.js

@@ -15,6 +15,7 @@ define([
   'main/clear-sessions',
   'main/account-upgrade',
   'main/plans',
+  'main/post-gateway',
   'main/user-membership',
   'main/scribtex-popup',
   'main/event',

services/web/frontend/js/main/post-gateway.js

@@ -0,0 +1,17 @@
+define(['base'], App =>
+  App.controller('PostGatewayController', function($scope) {
+    $scope.handleGateway = function() {
+      const { params } = JSON.parse($('#gateway-data').text())
+      params.viaGateway = 'true'
+      Object.keys(params).forEach(param => {
+        $('<input>')
+          .attr({
+            type: 'hidden',
+            name: param,
+            value: params[param]
+          })
+          .appendTo('#gateway')
+      })
+      $('#gateway').submit()
+    }
+  }))