From ff1c72ee14b9b7cb2c750389789b3719ff833350 Mon Sep 17 00:00:00 2001
From: Shane Kilkelly <shane@kilkelly.me>
Date: Thu, 22 Sep 2016 14:30:34 +0100
Subject: [PATCH] Fix up more session access

---
 .../BetaProgram/BetaProgramController.coffee  | 11 ++++++-----
 .../Features/Referal/ReferalMiddleware.coffee |  1 +
 .../infrastructure/ExpressLocals.coffee       | 19 +++++++++++--------
 .../BetaProgramControllerTests.coffee         |  3 +++
 4 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/services/web/app/coffee/Features/BetaProgram/BetaProgramController.coffee b/services/web/app/coffee/Features/BetaProgram/BetaProgramController.coffee
index a986eb8e4c..4e96ce113c 100644
--- a/services/web/app/coffee/Features/BetaProgram/BetaProgramController.coffee
+++ b/services/web/app/coffee/Features/BetaProgram/BetaProgramController.coffee
@@ -2,14 +2,15 @@ BetaProgramHandler = require './BetaProgramHandler'
 UserLocator = require "../User/UserLocator"
 Settings = require "settings-sharelatex"
 logger = require 'logger-sharelatex'
+AuthenticationController = require '../Authentication/AuthenticationController'
 
 
 module.exports = BetaProgramController =
 
 	optIn: (req, res, next) ->
-		user_id = req?.session?.user?._id
+		user_id = AuthenticationController.getLoggedInUserId(req)
 		logger.log {user_id}, "user opting in to beta program"
-		if !user_id
+		if !user_id?
 			return next(new Error("no user id in session"))
 		BetaProgramHandler.optIn user_id, (err) ->
 			if err
@@ -17,9 +18,9 @@ module.exports = BetaProgramController =
 			return res.redirect "/beta/participate"
 
 	optOut: (req, res, next) ->
-		user_id = req?.session?.user?._id
+		user_id = AuthenticationController.getLoggedInUserId(req)
 		logger.log {user_id}, "user opting out of beta program"
-		if !user_id
+		if !user_id?
 			return next(new Error("no user id in session"))
 		BetaProgramHandler.optOut user_id, (err) ->
 			if err
@@ -27,7 +28,7 @@ module.exports = BetaProgramController =
 			return res.redirect "/beta/participate"
 
 	optInPage: (req, res, next)->
-		user_id = req.session?.user?._id
+		user_id = AuthenticationController.getLoggedInUserId(req)
 		logger.log {user_id}, "showing beta participation page for user"
 		UserLocator.findById user_id, (err, user)->
 			if err
diff --git a/services/web/app/coffee/Features/Referal/ReferalMiddleware.coffee b/services/web/app/coffee/Features/Referal/ReferalMiddleware.coffee
index 77cbef5254..abe5b8e201 100644
--- a/services/web/app/coffee/Features/Referal/ReferalMiddleware.coffee
+++ b/services/web/app/coffee/Features/Referal/ReferalMiddleware.coffee
@@ -1,6 +1,7 @@
 User = require("../../models/User").User
 AuthenticationController = require('../Authentication/AuthenticationController')
 
+# TODO: module appears to be dead, consider removal
 module.exports = RefererMiddleware =
 	getUserReferalId: (req, res, next) ->
 		if AuthenticationController.isUserLoggedIn()
diff --git a/services/web/app/coffee/infrastructure/ExpressLocals.coffee b/services/web/app/coffee/infrastructure/ExpressLocals.coffee
index b500cdfb30..a9228a4c67 100644
--- a/services/web/app/coffee/infrastructure/ExpressLocals.coffee
+++ b/services/web/app/coffee/infrastructure/ExpressLocals.coffee
@@ -147,12 +147,14 @@ module.exports = (app, webRouter, apiRouter)->
 	webRouter.use (req, res, next)->
 		res.locals.buildReferalUrl = (referal_medium) ->
 			url = Settings.siteUrl
-			if req.user? and req.referal_id?
-				url+="?r=#{req.user.referal_id}&rm=#{referal_medium}&rs=b" # Referal source = bonus
+			currentUser = AuthenticationController.getSessionUser(req)
+			if currentUser? and currentUser?.referal_id?
+				url+="?r=#{currentUser.referal_id}&rm=#{referal_medium}&rs=b" # Referal source = bonus
 			return url
 		res.locals.getReferalId = ->
-			if req.user? and req.referal_id?
-				return req.user.referal_id
+			currentUser = AuthenticationController.getSessionUser(req)
+			if currentUser? and currentUser?.referal_id?
+				return currentUser.referal_id
 		res.locals.getReferalTagLine = ->
 			tagLines = [
 				"Roar!"
@@ -198,11 +200,12 @@ module.exports = (app, webRouter, apiRouter)->
 		next()
 
 	webRouter.use (req, res, next)->
-		if req.user?
+		currentUser = AuthenticationController.getSessionUser(req)
+		if currentUser?
 			res.locals.user =
-				email: req.user.email
-				first_name: req.user.first_name
-				last_name: req.user.last_name
+				email: currentUser.email
+				first_name: currentUser.first_name
+				last_name: currentUser.last_name
 			if req.session.justRegistered
 				res.locals.justRegistered = true
 				delete req.session.justRegistered
diff --git a/services/web/test/UnitTests/coffee/BetaProgram/BetaProgramControllerTests.coffee b/services/web/test/UnitTests/coffee/BetaProgram/BetaProgramControllerTests.coffee
index 742eb6db23..ab1f1b0567 100644
--- a/services/web/test/UnitTests/coffee/BetaProgram/BetaProgramControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/BetaProgram/BetaProgramControllerTests.coffee
@@ -34,6 +34,9 @@ describe "BetaProgramController", ->
 				err: sinon.stub()
 				error: sinon.stub()
 			}
+			'../Authentication/AuthenticationController': @AuthenticationController = {
+				getLoggedInUserId: sinon.stub().returns(@user._id)
+			}
 		@res =
 			send: sinon.stub()
 			redirect: sinon.stub()