Adapt AuthenticationManager.js to work with sharelatex versions > 2.3.1

2025-05-04 19:55:26 +02:00 · 2021-03-11 08:48:34 +01:00 · 2021-03-11 08:48:34 +01:00 · 8f0b270faf
commit 8f0b270faf
parent ca58b4852a
2 changed files with 200 additions and 207 deletions
--- a/ldap-overleaf-sl/Dockerfile
+++ b/ldap-overleaf-sl/Dockerfile
@ -1,4 +1,7 @@
-FROM sharelatex/sharelatex:2.3.1
+FROM sharelatex/sharelatex:2.5.2
+# FROM sharelatex/sharelatex:latest
+# latest might not be tested 
+# e.g. the AuthenticationManager.js script had to be adapted between versions after 2.3.1 
 LABEL maintainer="Simon Haller-Seeber"
 LABEL version="0.1"

--- a/ldap-overleaf-sl/sharelatex/AuthenticationManager.js
+++ b/ldap-overleaf-sl/sharelatex/AuthenticationManager.js
@ -1,9 +1,8 @@
 const Settings = require('settings-sharelatex')
 const { User } = require('../../models/User')
-const {db, ObjectId} = require('../../infrastructure/mongojs')
+const { db, ObjectId } = require('../../infrastructure/mongodb')
 const bcrypt = require('bcrypt')
 const EmailHelper = require('../Helpers/EmailHelper')
-const V1Handler = require('../V1/V1Handler')
 const {
  InvalidEmailError,
  InvalidPasswordError
@ -20,7 +19,7 @@ const BCRYPT_MINOR_VERSION = Settings.security.bcryptMinorVersion || 'a'

 const _checkWriteResult = function(result, callback) {
  // for MongoDB
-    if (result && result.nModified === 1) {
+  if (result && result.modifiedCount === 1) {
    callback(null, true)
  } else {
    callback(null, false)
@ -31,7 +30,7 @@ const AuthenticationManager = {
  authenticate(query, password, callback) {
    // Using Mongoose for legacy reasons here. The returned User instance
    // gets serialized into the session and there may be subtle differences
-    // between the user returned by Mongoose vs mongojs (such as default values)
+    // between the user returned by Mongoose vs mongodb (such as default values)
    User.findOne(query, (error, user) => {
      //console.log("Begining:" + JSON.stringify(query))
      AuthenticationManager.authUserObj(error, user, query, password, callback)
@ -57,7 +56,7 @@ const AuthenticationManager = {
      //console.log("Creating User:" + JSON.stringify(query))
      //create random pass for local userdb, does not get checked for ldap users during login
      let pass = require("crypto").randomBytes(32).toString("hex")
-      console.log("Creating User:" + JSON.stringify(query) + "Random Pass" + pass)
+      //console.log("Creating User:" + JSON.stringify(query) + "Random Pass" + pass)

      const userRegHand = require('../User/UserRegistrationHandler.js')
      userRegHand.registerNewUser({
@ -123,10 +122,9 @@ const AuthenticationManager = {
  },

  // validates a password based on a similar set of rules to `complexPassword.js` on the frontend
-  // note that `passfield.js` enforces more rules than this, but these are the most commonly set
-  // returns null on success, or an error string.
-  // Actually we do not need this because we always use the ldap backend
-  validatePassword(password) {
+  // note that `passfield.js` enforces more rules than this, but these are the most commonly set.
+  // returns null on success, or an error object.
+  validatePassword(password, email) {
    if (password == null) {
      return new InvalidPasswordError({
        message: 'password not set',
@ -175,20 +173,20 @@ const AuthenticationManager = {
      return null
    },

-    setUserPassword(userId, password, callback) {
-      AuthenticationManager.setUserPasswordInV2(userId, password, callback)
+  setUserPassword(user, password, callback) {
+    AuthenticationManager.setUserPasswordInV2(user, password, callback)
  },

  checkRounds(user, hashedPassword, password, callback) {
    // Temporarily disable this function, TODO: re-enable this
-        return callback()
+    //return callback()
    if (Settings.security.disableBcryptRoundsUpgrades) {
      return callback()
    }
    // check current number of rounds and rehash if necessary
    const currentRounds = bcrypt.getRounds(hashedPassword)
    if (currentRounds < BCRYPT_ROUNDS) {
-            AuthenticationManager.setUserPassword(user._id, password, callback)
+      AuthenticationManager.setUserPassword(user, password, callback)
    } else {
      callback()
    }
@ -203,8 +201,13 @@ const AuthenticationManager = {
    })
  },

-    setUserPasswordInV2(userId, password, callback) {
-        const validationError = this.validatePassword(password)
+  setUserPasswordInV2(user, password, callback) {
+    //if (!user || !user.email || !user._id) {
+    //  return callback(new Error('invalid user object'))
+    //}
+    
+    console.log("Setting pass for user: " + JSON.stringify(user))
+    const validationError = this.validatePassword(password, user.email)
    if (validationError) {
      return callback(validationError)
    }
@ -212,9 +215,9 @@ const AuthenticationManager = {
      if (error) {
        return callback(error)
      }
-            db.users.update(
+      db.users.updateOne(
        {
-                    _id: ObjectId(userId.toString())
+          _id: ObjectId(user._id.toString())
        },
        {
          $set: {
@ -234,20 +237,6 @@ const AuthenticationManager = {
    })
  },

-    setUserPasswordInV1(v1UserId, password, callback) {
-        const validationError = this.validatePassword(password)
-        if (validationError) {
-            return callback(validationError.message)
-        }
-
-        V1Handler.doPasswordReset(v1UserId, password, function (error, reset) {
-            if (error) {
-                return callback(error)
-            }
-            callback(error, reset)
-        })
-    },
-
  _passwordCharactersAreValid(password) {
    let digits, letters, lettersUp, symbols
    if (
@ -307,12 +296,12 @@ const AuthenticationManager = {
        filter: filterstr ,
      });
      await searchEntries
-          console.log(JSON.stringify(searchEntries))
+      //console.log(JSON.stringify(searchEntries))
      if (searchEntries[0]) {
        mail = searchEntries[0].mail
        firstname = searchEntries[0].givenName
        lastname = searchEntries[0].sn
-            console.log("Found user: " + mail + " Name: " + firstname + " " + lastname)
+        //console.log("Found user: " + mail + " Name: " + firstname + " " + lastname)
      }
    } catch (ex) {
      console.log("An Error occured while getting user data during ldapsearch: " + String(ex))
@ -329,7 +318,7 @@ const AuthenticationManager = {
          filter: adminfilter,
        });
        await adminEntry;
-  	    console.log("Admin Search response:" + JSON.stringify(adminEntry.searchEntries))
+        //console.log("Admin Search response:" + JSON.stringify(adminEntry.searchEntries))
        if (adminEntry.searchEntries[0].mail) {
          console.log("is Admin")
          isAdmin=true;
@ -345,7 +334,7 @@ const AuthenticationManager = {
      console.log("Mail not set - exit. This should not happen - please set mail-entry in ldap.")
      return callback(null, null)
    }
-        console.log("Logging in iser: " + mail + " Name: " + firstname + " " + lastname + " isAdmin: " + String(isAdmin))
+    //console.log("Logging in user: " + mail + " Name: " + firstname + " " + lastname + " isAdmin: " + String(isAdmin))
    // we are authenticated now let's set the query to the correct mail from ldap
    query.email = mail
    User.findOne(query, (error, user) => {
@ -364,7 +353,8 @@ const AuthenticationManager = {

 AuthenticationManager.promises = {
  authenticate: util.promisify(AuthenticationManager.authenticate),
-    hashPassword: util.promisify(AuthenticationManager.hashPassword)
+  hashPassword: util.promisify(AuthenticationManager.hashPassword),
+  setUserPassword: util.promisify(AuthenticationManager.setUserPassword)
 }

 module.exports = AuthenticationManager