From 5efee51ed873bd3295267b0b66022558dc6f0240 Mon Sep 17 00:00:00 2001
From: "David J. Weller-Fahy" <dave@weller-fahy.com>
Date: Wed, 2 Nov 2016 13:14:54 -0400
Subject: [PATCH 1/4] Pass ignoreTLS option to nodemailer

---
 services/web/app/coffee/Features/Email/EmailSender.coffee | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/web/app/coffee/Features/Email/EmailSender.coffee b/services/web/app/coffee/Features/Email/EmailSender.coffee
index 8210324747..a7bcc82ed7 100644
--- a/services/web/app/coffee/Features/Email/EmailSender.coffee
+++ b/services/web/app/coffee/Features/Email/EmailSender.coffee
@@ -25,7 +25,7 @@ else if Settings?.email?.parameters?.sendgridApiKey?
 	logger.log "using sendgrid for email"
 	nm_client = nodemailer.createTransport(sgTransport({auth:{api_key:Settings?.email?.parameters?.sendgridApiKey}}))
 else if Settings?.email?.parameters?
-	smtp = _.pick(Settings?.email?.parameters, "host", "port", "secure", "auth")
+	smtp = _.pick(Settings?.email?.parameters, "host", "port", "secure", "auth", "ignoreTLS")
 
 
 	logger.log "using smtp for email"

From f54bb9744a4ef3f0c5e94582532c05d5d73d1fa1 Mon Sep 17 00:00:00 2001
From: Brian Gough <bjg@network-theory.co.uk>
Date: Fri, 4 Nov 2016 15:44:12 +0000
Subject: [PATCH 2/4] redirect to /login on failed requests

---
 .../public/coffee/directives/asyncForm.coffee |  4 +++-
 .../coffee/main/account-settings.coffee       |  1 +
 .../public/coffee/modules/errorCatcher.coffee | 24 +++++++++++++++++--
 3 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/services/web/public/coffee/directives/asyncForm.coffee b/services/web/public/coffee/directives/asyncForm.coffee
index 8bcf610640..2c6345d878 100644
--- a/services/web/public/coffee/directives/asyncForm.coffee
+++ b/services/web/public/coffee/directives/asyncForm.coffee
@@ -24,8 +24,10 @@ define [
 
 					scope[attrs.name].inflight = true
 
+					# for asyncForm prevent automatic redirect to /login if
+					# authentication fails, we will handle it ourselves
 					$http
-						.post(element.attr('action'), formData)
+						.post(element.attr('action'), formData, {disableAutoLoginRedirect: true})
 						.success (data, status, headers, config) ->
 							scope[attrs.name].inflight = false
 							response.success = true
diff --git a/services/web/public/coffee/main/account-settings.coffee b/services/web/public/coffee/main/account-settings.coffee
index 08226ab399..05fd4a6ca9 100644
--- a/services/web/public/coffee/main/account-settings.coffee
+++ b/services/web/public/coffee/main/account-settings.coffee
@@ -57,6 +57,7 @@ define [
 							"Content-Type": 'application/json'
 						data:
 							password: $scope.state.password
+						disableAutoLoginRedirect: true # we want to handle errors ourselves
 					})
 					.success () ->
 						$modalInstance.close()
diff --git a/services/web/public/coffee/modules/errorCatcher.coffee b/services/web/public/coffee/modules/errorCatcher.coffee
index 425099cbb6..8001c14b52 100644
--- a/services/web/public/coffee/modules/errorCatcher.coffee
+++ b/services/web/public/coffee/modules/errorCatcher.coffee
@@ -9,6 +9,26 @@ app.config ['$provide', ($provide) ->
 	]
 ]
 
-# TODO: add support for an errorHttpInterceptor to catch failing ajax
-# requests as described at
+# Interceptor to check auth failures in all $http requests
 # http://bahmutov.calepin.co/catch-all-errors-in-angular-app.html
+
+app.factory 'unAuthHttpResponseInterceptor', ['$q','$location', ($q, $location) ->
+		responseError: (response) ->
+			# redirect any unauthorised or forbidden responses back to /login
+			#
+			# set disableAutoLoginRedirect:true in the http request config
+			# to disable this behaviour
+			if response.status in [401, 403] and not response.config?.disableAutoLoginRedirect
+				# for /project urls set the ?redir parameter to come back here
+				# otherwise just go to the login page
+				if window.location.pathname.match(/^\/project/)
+					window.location = "/login?redir=#{encodeURI(window.location.pathname)}"
+				else
+					window.location = "/login"
+			# pass the response back to the original requester
+			return $q.reject(response)
+]
+
+app.config ['$httpProvider', ($httpProvider) ->
+	$httpProvider.interceptors.push 'unAuthHttpResponseInterceptor'
+]

From 6f41dddb4281311c7e0e58020a484753cf003380 Mon Sep 17 00:00:00 2001
From: Brian Gough <bjg@network-theory.co.uk>
Date: Fri, 4 Nov 2016 15:44:30 +0000
Subject: [PATCH 3/4] disable spell check for anonymous users

these requests always fail
---
 services/web/app/views/project/editor/editor.jade | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/web/app/views/project/editor/editor.jade b/services/web/app/views/project/editor/editor.jade
index 94ae6ceb6e..e1037ae4f3 100644
--- a/services/web/app/views/project/editor/editor.jade
+++ b/services/web/app/views/project/editor/editor.jade
@@ -24,7 +24,7 @@ div.full-size(
 			keybindings="settings.mode",
 			font-size="settings.fontSize",
 			auto-complete="settings.autoComplete",
-			spell-check="true",
+			spell-check="!anonymous",
 			spell-check-language="project.spellCheckLanguage",
 			highlights="onlineUserCursorHighlights[editor.open_doc_id]"
 			show-print-margin="false",

From 2ff211ce2ccca164d9ae670b85231ba88be61f78 Mon Sep 17 00:00:00 2001
From: Shane Kilkelly <shane@kilkelly.me>
Date: Mon, 7 Nov 2016 14:36:04 +0000
Subject: [PATCH 4/4] Make sure the `$scope.canAddCollaborators` var is
 initialised at least once, outside of angular `$watch`.

---
 .../controllers/ShareProjectModalController.coffee  | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/services/web/public/coffee/ide/share/controllers/ShareProjectModalController.coffee b/services/web/public/coffee/ide/share/controllers/ShareProjectModalController.coffee
index 6f95d4e38f..2d27f96970 100644
--- a/services/web/public/coffee/ide/share/controllers/ShareProjectModalController.coffee
+++ b/services/web/public/coffee/ide/share/controllers/ShareProjectModalController.coffee
@@ -19,11 +19,16 @@ define [
 			, 200
 
 		INFINITE_COLLABORATORS = -1
-		$scope.$watch "(project.members.length + project.invites.length)", (noOfMembers) ->
-			allowedNoOfMembers = $scope.project.features.collaborators
-			$scope.canAddCollaborators = noOfMembers < allowedNoOfMembers or allowedNoOfMembers == INFINITE_COLLABORATORS
 
-		window._m = projectMembers
+		$scope.refreshCanAddCollaborators = () ->
+			allowedNoOfMembers = $scope.project.features.collaborators
+			$scope.canAddCollaborators = (
+				($scope.project.members.length + $scope.project.invites.length) < allowedNoOfMembers or allowedNoOfMembers == INFINITE_COLLABORATORS
+			)
+		$scope.refreshCanAddCollaborators()
+
+		$scope.$watch "(project.members.length + project.invites.length)", (_noOfMembers) ->
+			$scope.refreshCanAddCollaborators()
 
 		$scope.autocompleteContacts = []
 		do loadAutocompleteUsers = () ->