Fix bugs

2024-10-05 23:23:59 +02:00 · 2023-11-23 17:06:44 +08:00 · 2023-11-23 17:06:44 +08:00 · f53790c452
commit f53790c452
parent 242183d601
5 changed files with 110 additions and 63 deletions
--- a/ldap-overleaf-sl/Dockerfile
+++ b/ldap-overleaf-sl/Dockerfile
@ -42,13 +42,10 @@ COPY sharelatex/navbar.pug      /overleaf/services/web/app/views/layout/
 # Non LDAP User Registration for Admins
 COPY sharelatex/admin-index.pug     /overleaf/services/web/app/views/admin/index.pug
 COPY sharelatex/admin-sysadmin.pug  /tmp/admin-sysadmin.pug
-    
+
    ## instead of copying the login.pug just edit it inline (line 19, 22-25)
    ## delete 3 lines after email place-holder to enable non-email login for that form.
 RUN sed -iE '/type=.*email.*/d' /overleaf/services/web/app/views/user/login.pug && \
    ## comment out this line to prevent sed accidently remove the brackets of the email(username) field
    # sed -iE '/email@example.com/{n;N;N;d}' /overleaf/services/web/app/views/user/login.pug && \
-    sed -iE "s/email@example.com/${login_text:-user}/g" /overleaf/services/web/app/views/user/login.pug && \
+RUN sed -iE "s/email@example.com/${login_text:-user}/g" /overleaf/services/web/app/views/user/login.pug && \
    ## Collaboration settings display (share project placeholder) | edit line 146
    ## share.pug file was removed in later versions
    # sed -iE "s%placeholder=.*$%placeholder=\"${collab_text}\"%g" /overleaf/services/web/app/views/project/editor/share.pug && \
--- a/ldap-overleaf-sl/sharelatex/AuthenticationController.js
+++ b/ldap-overleaf-sl/sharelatex/AuthenticationController.js
@ -275,81 +275,79 @@ const AuthenticationController = {
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  oauth2Redirect(req, res, next) {
    const redirectURI = encodeURIComponent(`${process.env.SHARELATEX_SITE_URL}/oauth/callback`) 
-    const next = (
+    const authURL = (
      process.env.OAUTH2_AUTHORIZATION_URL
      + `?response_type=code`
      + `&client_id=${process.env.OAUTH2_CLIENT_ID}`
      + `&redirect_uri=${redirectURI}`
      + `&scope=${process.env.OAUTH2_SCOPE ?? ""}` // TODO: state
    )
-    res.redirect(next)
+    res.redirect(authURL)
  },
  async oauth2Callback(req, res, next) {
    try {
-      const redirectURI = encodeURIComponent(`${process.env.SHARELATEX_SITE_URL}/oauth/callback`);
+      console.log("OAuth2 code", req.query.code)
      const tokenResponse = await fetch(process.env.OAUTH2_TOKEN_URL, {
        method: 'POST',
        headers: {
-          'Content-Type': 'application/json'
+          "Accept": "application/json",
          "Content-Type": "application/json",
        },
        body: JSON.stringify({
          grant_type: "authorization_code",
          client_id: process.env.OAUTH2_CLIENT_ID,
          client_secret: process.env.OAUTH2_CLIENT_SECRET,
          code: req.query.code,
-          redirect_uri: redirectURI,
+          redirect_uri: `${process.env.SHARELATEX_SITE_URL}/oauth/callback`,
        })
      })
      const tokenData = await tokenResponse.json()
-      console.log("OAuth2 respond", JSON.stringify(tokenData))  // TODO: remove
+      console.log("OAuth2 respond", JSON.stringify(tokenData))
      console.log("OAuth2 accessToken", tokenData.access_token) // TODO: remove
      const profileResponse = await fetch(process.env.OAUTH2_PROFILE_URL, {
        method: 'GET',
        headers: {
          "Accept": "application/json",
          "Authorization": `Bearer ${tokenData.access_token}`,
          "Content-Type": "application/json",
          "Authorization": `Bearer ${tokenData.access_token}`
        }
      })
      const profile = await profileResponse.json()
-      console.log("OAuth2 user info", JSON.stringify(profile.data))
+      console.log("OAuth2 user profile", JSON.stringify(profile))
      const email = profile[process.env.OAUTH2_USER_ATTR_EMAIL ?? "email"]
      const uid = profile[process.env.OAUTH2_USER_ATTR_UID ?? "uid"]
      const firstname = profile?.[process.env.OAUTH2_USER_ATTR_FIRSTNAME] ?? email
-      const lastname = profile?.[process.env.OAUTH2_USER_ATTR_LASTNAME] ?? ""
+      const lastname = process.env.OAUTH2_USER_ATTR_LASTNAME
-
+        ? profile?.[process.env.OAUTH2_USER_ATTR_LASTNAME] ?? ""
-      const isAdmin = false // TODO: how to determine?        
+        : ""
      const isAdmin = process.env.OAUTH2_USER_ATTR_IS_ADMIN
        ? !!profile?.[process.env.OAUTH2_USER_ATTR_IS_ADMIN] ?? false
        : false
      const query = { email }
-      User.findOne(query, (error, user) => {
+      const callback = (error, user) => {
        if (error) {
-          console.log(error)
+          res.json({message: error});
        } else {
          console.log("OAuth user", JSON.stringify(user));
          AuthenticationController.finishLogin(user, req, res, next);
        }
-
+      }
-        const callback = (error, user) => {
+      AuthenticationManager.createIfNotFoundAndLogin(
-          if (error) {
+        query,
-            res.json({message: error});
+        callback,
-          } else {
+        uid,
-            // console.log("real_user: ", user);
+        firstname,
-            AuthenticationController.finishLogin(user, req, res, next);
+        lastname,
-          }
+        email,
-        }
+        isAdmin
-        AuthenticationManager.createIfNotExistAndLogin(
+      )
          query,
          user,
          callback,
          uid,
          firstname,
          lastname,
          email,
          isAdmin
        )
      })
    } catch(e) {
-      console.log("Fails to access by OAuth2: " + String(e))
+      res.redirect("/login")
      console.error("Fails to access by OAuth2: " + String(e))
    }
  },
 // <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
--- a/ldap-overleaf-sl/sharelatex/AuthenticationManager.js
+++ b/ldap-overleaf-sl/sharelatex/AuthenticationManager.js
@ -184,6 +184,33 @@ const AuthenticationManager = {
    callback(null, user, true)
  },
  createIfNotFoundAndLogin(
    query,
    callback,
    uid,
    firstname,
    lastname,
    mail,
    isAdmin
  ) {
    User.findOne(query, (error, user) => {
      if (error) {
        console.log(error)
      }
      AuthenticationManager.createIfNotExistAndLogin(
        query,
        user,
        callback,
        uid,
        firstname,
        lastname,
        mail,
        isAdmin
      )
    })
  },
  createIfNotExistAndLogin(
    query,
    user,
@ -195,10 +222,9 @@ const AuthenticationManager = {
    isAdmin
  ) {
    if (!user) {
      //console.log('Creating User:' + JSON.stringify(query))
      //create random pass for local userdb, does not get checked for ldap users during login
-      let pass = require("crypto").randomBytes(32).toString("hex")
+      const pass = require("crypto").randomBytes(32).toString("hex")
-      //console.log('Creating User:' + JSON.stringify(query) + 'Random Pass' + pass)
+      console.log('Creating User', { mail, uid, firstname, lastname, isAdmin, pass })
      const userRegHand = require("../User/UserRegistrationHandler.js")
      userRegHand.registerNewUser(
@ -228,6 +254,7 @@ const AuthenticationManager = {
        }
      ) // end register user
    } else {
      console.log('User exists', { mail })
      AuthenticationManager.login(user, "randomPass", callback)
    }
  },
--- a/ldap-overleaf-sl/sharelatex/login.pug
+++ b/ldap-overleaf-sl/sharelatex/login.pug
@ -16,13 +16,21 @@ block content
 							input(name='_csrf', type='hidden', value=csrfToken)
 							+formMessages()
 							.form-group
 								//- >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 								//- input.form-control(
 								//- 	type='email',
 								//- 	name='email',
 								//- 	required,
 								//- 	placeholder='email@example.com',
 								//- 	autofocus="true"
 								//- )
 								input.form-control(
 									type='email',
 									name='email',
 									required,
 									placeholder='email@example.com',
 									autofocus="true"
 								)
 								//- <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
 							.form-group
 								input.form-control(
 									type='password',
@ -38,8 +46,8 @@ block content
 									span(data-ol-inflight="idle") #{translate("login")}
 									span(hidden data-ol-inflight="pending") #{translate("logging_in")}…
 								a.pull-right(href='/user/password/reset') #{translate("forgot_your_password")}?
-                            //- >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+							//- >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 							.form-group.text-center(style="padding-top: 10px")
 								a.btn-block.login-btn(href="/oauth/redirect" style='padding-left: 0px')
 									| Log in via OAuth
-                            //- <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+							//- <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
--- a/ldap-overleaf-sl/sharelatex/router.js
+++ b/ldap-overleaf-sl/sharelatex/router.js
@ -1,6 +1,6 @@
 /**
 * >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
- * Modified from 6408d15
+ * Modified from bf92436
 * <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
 */
@ -27,7 +27,6 @@ const UserInfoController = require('./Features/User/UserInfoController')
 const UserController = require('./Features/User/UserController')
 const UserEmailsController = require('./Features/User/UserEmailsController')
 const UserPagesController = require('./Features/User/UserPagesController')
 const TutorialController = require('./Features/Tutorial/TutorialController')
 const DocumentController = require('./Features/Documents/DocumentController')
 const CompileManager = require('./Features/Compile/CompileManager')
 const CompileController = require('./Features/Compile/CompileController')
@ -105,6 +104,10 @@ const rateLimiters = {
    points: 10,
    duration: 60,
  }),
  confirmUniversityDomain: new RateLimiter('confirm-university-domain', {
    points: 1,
    duration: 60,
  }),
  createProject: new RateLimiter('create-project', {
    points: 20,
    duration: 60,
@ -149,6 +152,10 @@ const rateLimiters = {
    points: 30,
    duration: 60,
  }),
  indexProjectReferences: new RateLimiter('index-project-references', {
    points: 30,
    duration: 60,
  }),
  miscOutputDownload: new RateLimiter('misc-output-download', {
    points: 1000,
    duration: 60 * 60,
@ -185,7 +192,7 @@ const rateLimiters = {
    duration: 60,
  }),
  resendConfirmation: new RateLimiter('resend-confirmation', {
-    points: 1,
+    points: 10,
    duration: 60,
  }),
  sendChatMessage: new RateLimiter('send-chat-message', {
@ -256,12 +263,12 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
    AuthenticationController.addEndpointToLoginWhitelist('/register')
  }
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+  // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-webRouter.get('/oauth/redirect', AuthenticationController.oauth2Redirect)
+  webRouter.get('/oauth/redirect', AuthenticationController.oauth2Redirect)
-webRouter.get('/oauth/callback', AuthenticationController.oauth2Callback)
+  webRouter.get('/oauth/callback', AuthenticationController.oauth2Callback)
-AuthenticationController.addEndpointToLoginWhitelist('/oauth/redirect')
+  AuthenticationController.addEndpointToLoginWhitelist('/oauth/redirect')
-AuthenticationController.addEndpointToLoginWhitelist('/oauth/callback')
+  AuthenticationController.addEndpointToLoginWhitelist('/oauth/callback')
-// <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+  // <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  EditorRouter.apply(webRouter, privateApiRouter)
  CollaboratorsRouter.apply(webRouter, privateApiRouter)
@ -433,12 +440,6 @@ AuthenticationController.addEndpointToLoginWhitelist('/oauth/callback')
    TpdsController.getQueues
  )
  webRouter.post(
    '/tutorial/:tutorialKey/complete',
    AuthenticationController.requireLogin(),
    TutorialController.completeTutorial
  )
  webRouter.get(
    '/user/projects',
    AuthenticationController.requireLogin(),
@ -734,6 +735,16 @@ AuthenticationController.addEndpointToLoginWhitelist('/oauth/callback')
    AuthorizationMiddleware.ensureUserCanReadProject,
    HistoryController.proxyToHistoryApi
  )
  webRouter.post(
    '/project/:Project_id/doc/:doc_id/version/:version_id/restore',
    AuthorizationMiddleware.ensureUserCanWriteProjectContent,
    HistoryController.proxyToHistoryApi
  )
  webRouter.post(
    '/project/:project_id/doc/:doc_id/restore',
    AuthorizationMiddleware.ensureUserCanWriteProjectContent,
    HistoryController.restoreDocFromDeletedDoc
  )
  webRouter.post(
    '/project/:project_id/restore_file',
    AuthorizationMiddleware.ensureUserCanWriteProjectContent,
@ -1082,6 +1093,12 @@ AuthenticationController.addEndpointToLoginWhitelist('/oauth/callback')
    ChatController.sendMessage
  )
  webRouter.post(
    '/project/:Project_id/references/index',
    AuthorizationMiddleware.ensureUserCanReadProject,
    RateLimiterMiddleware.rateLimit(rateLimiters.indexProjectReferences),
    ReferencesController.index
  )
  webRouter.post(
    '/project/:Project_id/references/indexAll',
    AuthorizationMiddleware.ensureUserCanReadProject,
@ -1130,6 +1147,7 @@ AuthenticationController.addEndpointToLoginWhitelist('/oauth/callback')
  )
  publicApiRouter.post(
    '/api/institutions/confirm_university_domain',
    RateLimiterMiddleware.rateLimit(rateLimiters.confirmUniversityDomain),
    AuthenticationController.requirePrivateApiAuth(),
    InstitutionsController.confirmDomain
  )
@ -1357,5 +1375,4 @@ AuthenticationController.addEndpointToLoginWhitelist('/oauth/callback')
  webRouter.get('*', ErrorController.notFound)
 }
-
+module.exports = { initialize, rateLimiters }
 module.exports = { initialize, rateLimiters }