overleaf-cep/services/web/app/src/Features/User/UserEmailsController.js

const AuthenticationController = require('../Authentication/AuthenticationController')
const Settings = require('@overleaf/settings')
const logger = require('@overleaf/logger')
const SessionManager = require('../Authentication/SessionManager')
const UserGetter = require('./UserGetter')
const UserUpdater = require('./UserUpdater')
const UserSessionsManager = require('./UserSessionsManager')
const EmailHandler = require('../Email/EmailHandler')
const EmailHelper = require('../Helpers/EmailHelper')
const UserEmailsConfirmationHandler = require('./UserEmailsConfirmationHandler')
const { endorseAffiliation } = require('../Institutions/InstitutionsAPI')
const Errors = require('../Errors/Errors')
const HttpErrorHandler = require('../Errors/HttpErrorHandler')
const { expressify } = require('@overleaf/promise-utils')
const AsyncFormHelper = require('../Helpers/AsyncFormHelper')
const AnalyticsManager = require('../Analytics/AnalyticsManager')
const UserPrimaryEmailCheckHandler = require('../User/UserPrimaryEmailCheckHandler')
const UserAuditLogHandler = require('./UserAuditLogHandler')
const { RateLimiter } = require('../../infrastructure/RateLimiter')
const tsscmp = require('tsscmp')

const AUDIT_LOG_TOKEN_PREFIX_LENGTH = 10

const sendSecondaryConfirmCodeRateLimiter = new RateLimiter(
  'send-secondary-confirmation-code',
  {
    points: 1,
    duration: 60,
  }
)
const checkSecondaryConfirmCodeRateLimiter = new RateLimiter(
  'check-secondary-confirmation-code-per-email',
  {
    points: 10,
    duration: 60,
  }
)

const resendSecondaryConfirmCodeRateLimiter = new RateLimiter(
  'resend-secondary-confirmation-code',
  {
    points: 1,
    duration: 60,
  }
)

async function _sendSecurityAlertEmail(user, email) {
  const emailOptions = {
    to: user.email,
    actionDescribed: `a secondary email address has been added to your account ${user.email}`,
    message: [
      `<span style="display:inline-block;padding: 0 20px;width:100%;">Added: <br/><b>${email}</b></span>`,
    ],
    action: 'secondary email address added',
  }
  await EmailHandler.promises.sendEmail('securityAlert', emailOptions)
}

/**
 * This method is for adding a secondary email to be confirmed via an emailed link.
 * For code confirmation, see the `addWithConfirmationCode` method in this file.
 */
async function add(req, res, next) {
  const userId = SessionManager.getLoggedInUserId(req.session)
  const email = EmailHelper.parseEmail(req.body.email)
  if (!email) {
    return res.sendStatus(422)
  }
  const user = await UserGetter.promises.getUser(userId, {
    email: 1,
    'emails.email': 1,
  })

  if (user.emails.length >= Settings.emailAddressLimit) {
    return res.status(422).json({ message: 'secondary email limit exceeded' })
  }

  const affiliationOptions = {
    university: req.body.university,
    role: req.body.role,
    department: req.body.department,
  }

  try {
    await UserUpdater.promises.addEmailAddress(
      userId,
      email,
      affiliationOptions,
      {
        initiatorId: user._id,
        ipAddress: req.ip,
      }
    )
  } catch (error) {
    return UserEmailsController._handleEmailError(error, req, res, next)
  }

  await _sendSecurityAlertEmail(user, email)

  await UserEmailsConfirmationHandler.promises.sendConfirmationEmail(
    userId,
    email
  )

  res.sendStatus(204)
}

function resendConfirmation(req, res, next) {
  const userId = SessionManager.getLoggedInUserId(req.session)
  const email = EmailHelper.parseEmail(req.body.email)
  if (!email) {
    return res.sendStatus(422)
  }
  UserGetter.getUserByAnyEmail(email, { _id: 1 }, function (error, user) {
    if (error) {
      return next(error)
    }
    if (!user || user._id.toString() !== userId) {
      return res.sendStatus(422)
    }
    UserEmailsConfirmationHandler.sendConfirmationEmail(
      userId,
      email,
      function (error) {
        if (error) {
          return next(error)
        }
        res.sendStatus(200)
      }
    )
  })
}

function sendReconfirmation(req, res, next) {
  const userId = SessionManager.getLoggedInUserId(req.session)
  const email = EmailHelper.parseEmail(req.body.email)
  if (!email) {
    return res.sendStatus(400)
  }
  UserGetter.getUserByAnyEmail(email, { _id: 1 }, function (error, user) {
    if (error) {
      return next(error)
    }
    if (!user || user._id.toString() !== userId) {
      return res.sendStatus(422)
    }
    UserEmailsConfirmationHandler.sendReconfirmationEmail(
      userId,
      email,
      function (error) {
        if (error) {
          return next(error)
        }
        res.sendStatus(204)
      }
    )
  })
}

/**
 * This method is for adding a secondary email to be confirmed via a code.
 * For email link confirmation see the `add` method in this file.
 */
async function addWithConfirmationCode(req, res) {
  delete req.session.pendingSecondaryEmail

  const userId = SessionManager.getLoggedInUserId(req.session)
  const email = EmailHelper.parseEmail(req.body.email)
  if (!email) {
    return res.sendStatus(422)
  }

  const user = await UserGetter.promises.getUser(userId, {
    email: 1,
    'emails.email': 1,
  })

  if (user.emails.length >= Settings.emailAddressLimit) {
    return res.status(422).json({ message: 'secondary email limit exceeded' })
  }

  try {
    await UserGetter.promises.ensureUniqueEmailAddress(email)

    await sendSecondaryConfirmCodeRateLimiter.consume(email, 1, {
      method: 'email',
    })

    await UserAuditLogHandler.promises.addEntry(
      userId,
      'request-add-email-code',
      userId,
      req.ip,
      {
        newSecondaryEmail: email,
      }
    )

    const { confirmCode, confirmCodeExpiresTimestamp } =
      await UserEmailsConfirmationHandler.promises.sendConfirmationCode(
        email,
        true
      )

    req.session.pendingSecondaryEmail = {
      email,
      confirmCode,
      confirmCodeExpiresTimestamp,
    }

    return res.json({
      redir: '/user/emails/confirm-secondary',
    })
  } catch (err) {
    if (err.name === 'EmailExistsError') {
      return res.status(409).json({
        message: {
          type: 'error',
          text: req.i18n.translate('email_already_registered'),
        },
      })
    }

    if (err?.remainingPoints === 0) {
      return res.status(429).json({})
    }

    logger.err({ err }, 'failed to send confirmation code')

    delete req.session.pendingSecondaryEmail

    return res.status(500).json({
      message: {
        key: 'error_performing_request',
      },
    })
  }
}

async function checkSecondaryEmailConfirmationCode(req, res) {
  const userId = SessionManager.getLoggedInUserId(req.session)
  const code = req.body.code
  const user = await UserGetter.promises.getUser(userId, {
    email: 1,
    'emails.email': 1,
  })

  if (!req.session.pendingSecondaryEmail) {
    logger.err(
      {},
      'error checking confirmation code. missing pendingSecondaryEmail'
    )

    return res.status(500).json({
      message: {
        key: 'error_performing_request',
      },
    })
  }

  try {
    await checkSecondaryConfirmCodeRateLimiter.consume(
      req.session.pendingSecondaryEmail.email,
      1,
      { method: 'email' }
    )
  } catch (err) {
    if (err?.remainingPoints === 0) {
      return res.sendStatus(429)
    } else {
      return res.status(500).json({
        message: {
          key: 'error_performing_request',
        },
      })
    }
  }

  if (
    req.session.pendingSecondaryEmail.confirmCodeExpiresTimestamp < Date.now()
  ) {
    return res.status(403).json({
      message: { key: 'expired_confirmation_code' },
    })
  }

  if (!tsscmp(req.session.pendingSecondaryEmail.confirmCode, code)) {
    return res.status(403).json({
      message: { key: 'invalid_confirmation_code' },
    })
  }

  try {
    await UserAuditLogHandler.promises.addEntry(
      userId,
      'add-email-via-code',
      userId,
      req.ip,
      {
        newSecondaryEmail: req.session.pendingSecondaryEmail.email,
      }
    )

    await UserUpdater.promises.addEmailAddress(
      userId,
      req.session.pendingSecondaryEmail.email,
      {},
      {
        initiatorId: user._id,
        ipAddress: req.ip,
      }
    )

    await UserUpdater.promises.confirmEmail(
      userId,
      req.session.pendingSecondaryEmail.email,
      {}
    )

    delete req.session.pendingSecondaryEmail

    AnalyticsManager.recordEventForUser(user._id, 'email-verified', {
      provider: 'email',
      verification_type: 'token',
      isPrimary: false,
    })

    const redirectUrl =
      AuthenticationController.getRedirectFromSession(req) || '/project'

    return res.json({
      redir: redirectUrl,
    })
  } catch (error) {
    if (error.name === 'EmailExistsError') {
      return res.status(409).json({
        message: {
          type: 'error',
          text: req.i18n.translate('email_already_registered'),
        },
      })
    }

    logger.err({ error }, 'failed to check confirmation code')

    return res.status(500).json({
      message: {
        key: 'error_performing_request',
      },
    })
  }
}

async function resendSecondaryEmailConfirmationCode(req, res) {
  if (!req.session.pendingSecondaryEmail) {
    logger.err(
      {},
      'error resending confirmation code. missing pendingSecondaryEmail'
    )

    return res.status(500).json({
      message: {
        key: 'error_performing_request',
      },
    })
  }

  const email = req.session.pendingSecondaryEmail.email

  try {
    await resendSecondaryConfirmCodeRateLimiter.consume(email, 1, {
      method: 'email',
    })
  } catch (err) {
    if (err?.remainingPoints === 0) {
      return res.status(429).json({})
    } else {
      throw err
    }
  }

  try {
    const userId = SessionManager.getLoggedInUserId(req.session)

    await UserAuditLogHandler.promises.addEntry(
      userId,
      'resend-add-email-code',
      userId,
      req.ip,
      {
        newSecondaryEmail: email,
      }
    )

    const { confirmCode, confirmCodeExpiresTimestamp } =
      await UserEmailsConfirmationHandler.promises.sendConfirmationCode(
        email,
        true
      )

    req.session.pendingSecondaryEmail.confirmCode = confirmCode
    req.session.pendingSecondaryEmail.confirmCodeExpiresTimestamp =
      confirmCodeExpiresTimestamp

    return res.status(200).json({
      message: { key: 'we_sent_new_code' },
    })
  } catch (err) {
    logger.err({ err, email }, 'failed to send confirmation code')

    return res.status(500).json({
      key: 'error_performing_request',
    })
  }
}

async function primaryEmailCheckPage(req, res) {
  const userId = SessionManager.getLoggedInUserId(req.session)
  const user = await UserGetter.promises.getUser(userId, {
    lastPrimaryEmailCheck: 1,
    signUpDate: 1,
    email: 1,
    emails: 1,
  })

  if (!UserPrimaryEmailCheckHandler.requiresPrimaryEmailCheck(user)) {
    return res.redirect('/project')
  }

  AnalyticsManager.recordEventForUser(
    userId,
    'primary-email-check-page-displayed'
  )
  res.render('user/primaryEmailCheck')
}

async function primaryEmailCheck(req, res) {
  const userId = SessionManager.getLoggedInUserId(req.session)
  await UserUpdater.promises.updateUser(userId, {
    $set: { lastPrimaryEmailCheck: new Date() },
  })
  AnalyticsManager.recordEventForUser(userId, 'primary-email-check-done')
  AsyncFormHelper.redirect(req, res, '/project')
}

async function showConfirm(req, res, next) {
  res.render('user/confirm_email', {
    token: req.query.token,
    title: 'confirm_email',
  })
}

const UserEmailsController = {
  list(req, res, next) {
    const userId = SessionManager.getLoggedInUserId(req.session)
    UserGetter.getUserFullEmails(userId, function (error, fullEmails) {
      if (error) {
        return next(error)
      }
      res.json(fullEmails)
    })
  },

  add: expressify(add),
  addWithConfirmationCode: expressify(addWithConfirmationCode),
  checkSecondaryEmailConfirmationCode: expressify(
    checkSecondaryEmailConfirmationCode
  ),
  resendSecondaryEmailConfirmationCode: expressify(
    resendSecondaryEmailConfirmationCode
  ),

  remove(req, res, next) {
    const userId = SessionManager.getLoggedInUserId(req.session)
    const email = EmailHelper.parseEmail(req.body.email)
    if (!email) {
      return res.sendStatus(422)
    }
    const auditLog = {
      initiatorId: userId,
      ipAddress: req.ip,
    }
    UserUpdater.removeEmailAddress(userId, email, auditLog, function (error) {
      if (error) {
        return next(error)
      }
      res.sendStatus(200)
    })
  },

  setDefault(req, res, next) {
    const userId = SessionManager.getLoggedInUserId(req.session)
    const email = EmailHelper.parseEmail(req.body.email)
    if (!email) {
      return res.sendStatus(422)
    }
    const auditLog = {
      initiatorId: userId,
      ipAddress: req.ip,
    }
    UserUpdater.setDefaultEmailAddress(
      userId,
      email,
      false,
      auditLog,
      true,
      err => {
        if (err) {
          return UserEmailsController._handleEmailError(err, req, res, next)
        }
        SessionManager.setInSessionUser(req.session, { email })
        const user = SessionManager.getSessionUser(req.session)
        UserSessionsManager.removeSessionsFromRedis(
          user,
          req.sessionID, // remove all sessions except the current session
          err => {
            if (err)
              logger.warn(
                { err },
                'failed revoking secondary sessions after changing default email'
              )
          }
        )
        res.sendStatus(200)
      }
    )
  },

  endorse(req, res, next) {
    const userId = SessionManager.getLoggedInUserId(req.session)
    const email = EmailHelper.parseEmail(req.body.email)
    if (!email) {
      return res.sendStatus(422)
    }

    endorseAffiliation(
      userId,
      email,
      req.body.role,
      req.body.department,
      function (error) {
        if (error) {
          return next(error)
        }
        res.sendStatus(204)
      }
    )
  },

  resendConfirmation,

  sendReconfirmation,

  primaryEmailCheckPage: expressify(primaryEmailCheckPage),

  primaryEmailCheck: expressify(primaryEmailCheck),

  showConfirm: expressify(showConfirm),

  confirm(req, res, next) {
    const { token } = req.body
    if (!token) {
      return res.status(422).json({
        message: req.i18n.translate('confirmation_link_broken'),
      })
    }
    UserEmailsConfirmationHandler.confirmEmailFromToken(
      req,
      token,
      function (error, userData) {
        if (error) {
          if (error instanceof Errors.ForbiddenError) {
            res.status(403).json({
              message: {
                key: 'confirm-email-wrong-user',
                text: `We can’t confirm this email. You must be logged in with the Overleaf account that requested the new secondary email.`,
              },
            })
          } else if (error instanceof Errors.NotFoundError) {
            res.status(404).json({
              message: req.i18n.translate('confirmation_token_invalid'),
            })
          } else {
            next(error)
          }
        } else {
          const { userId, email } = userData
          const tokenPrefix = token.substring(0, AUDIT_LOG_TOKEN_PREFIX_LENGTH)
          UserAuditLogHandler.addEntry(
            userId,
            'confirm-email',
            userId,
            req.ip,
            { token: tokenPrefix, email },
            auditLogError => {
              if (auditLogError) {
                logger.error(
                  { error: auditLogError, userId, token: tokenPrefix },
                  'failed to add audit log entry'
                )
              }
              UserGetter.getUser(
                userData.userId,
                { email: 1 },
                function (error, user) {
                  if (error) {
                    logger.error(
                      { error, userId: userData.userId },
                      'failed to get user'
                    )
                  }
                  const isPrimary = user?.email === userData.email
                  AnalyticsManager.recordEventForUser(
                    userData.userId,
                    'email-verified',
                    {
                      provider: 'email',
                      verification_type: 'link',
                      isPrimary,
                    }
                  )
                  res.sendStatus(200)
                }
              )
            }
          )
        }
      }
    )
  },

  _handleEmailError(error, req, res, next) {
    if (error instanceof Errors.UnconfirmedEmailError) {
      return HttpErrorHandler.conflict(req, res, 'email must be confirmed')
    } else if (error instanceof Errors.EmailExistsError) {
      const message = req.i18n.translate('email_already_registered')
      return HttpErrorHandler.conflict(req, res, message)
    } else if (error.message === '422: Email does not belong to university') {
      const message = req.i18n.translate('email_does_not_belong_to_university')
      return HttpErrorHandler.conflict(req, res, message)
    }
    next(error)
  },
}

module.exports = UserEmailsController