Merge pull request Expensify#29248 from DylanDylann/fix/28925-public-…
…room-anonymous-user-able-to-edit

Fix/28925: Anonymous user can edit profile
stitesExpensify authored Nov 2, 2023
2 parents 45c1297 + 3ff9451 commit 5ae80bd
Showing 4 changed files with 40 additions and 1 deletion.
Expand Up @@ -11,6 +11,7 @@ import tryResolveUrlFromApiRoot from '@libs/tryResolveUrlFromApiRoot';
import * as Url from '@libs/Url';
import styles from '@styles/styles';
import * as Link from '@userActions/Link';
import * as Session from '@userActions/Session';
import CONFIG from '@src/CONFIG';
import CONST from '@src/CONST';
import ROUTES from '@src/ROUTES';
Expand Down Expand Up @@ -52,6 +53,10 @@ function AnchorRenderer(props) {
// If we are handling a New Expensify link then we will assume this should be opened by the app internally. This ensures that the links are opened internally via react-navigation
// instead of in a new tab or with a page refresh (which is the default behavior of an anchor tag)
if (internalNewExpensifyPath && hasSameOrigin) {
if (Session.isAnonymousUser() && !Session.canAccessRouteByAnonymousUser(internalNewExpensifyPath)) {
Session.signOutAndRedirectToSignIn();
return;
}
Navigation.navigate(internalNewExpensifyPath);
return;
}
6 changes: 6 additions & 0 deletions src/libs/actions/Report.js
Expand Up @@ -2000,6 +2000,12 @@ function openReportFromDeepLink(url, isAuthenticated) {
navigateToConciergeChat(true);
return;
}
if (Session.isAnonymousUser() && !Session.canAccessRouteByAnonymousUser(route)) {
Navigation.isNavigationReady().then(() => {
Session.signOutAndRedirectToSignIn();
});
return;
}
Navigation.navigate(route, CONST.NAVIGATION.TYPE.PUSH);
});
});
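Review bot: The new anonymous gate at `if (Session.isAnonymousUser() && !Session.canAccessRouteByAnonymousUser(route))` runs only after the Concierge branch directly above it has returned, so a deep link that takes that branch is never checked against the allowlist; its condition lies outside the hunk, so whether an anonymous session can reach it should be confirmed. Signing out also discards `route`, so the visitor is not brought back to the requested report after signing in unless `signOutAndRedirectToSignIn` preserves the target, which is not visible here. A one-line comment above the check would make the intent explicit: `// Anonymous sessions may only open allowlisted report routes; anything else forces a fresh sign-in.` The enclosing `openReportFromDeepLink` begins and ends outside the hunk.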
28 changes: 28 additions & 0 deletions src/libs/actions/Session/index.ts
Expand Up @@ -871,6 +871,33 @@ function waitForUserSignIn(): Promise<boolean> {
});
}

/**
* check if the route can be accessed by anonymous user
*
* @param {string} route
*/

const canAccessRouteByAnonymousUser = (route: string) => {
const reportID = ReportUtils.getReportIDFromLink(route);
if (reportID) {
return true;
}
const parsedReportRouteParams = ReportUtils.parseReportRouteParams(route);
let routeRemovedReportId = route;
if ((parsedReportRouteParams as {reportID: string})?.reportID) {
routeRemovedReportId = route.replace((parsedReportRouteParams as {reportID: string})?.reportID, ':reportID');
}
if (route.startsWith('/')) {
routeRemovedReportId = routeRemovedReportId.slice(1);
}
const routesCanAccessByAnonymousUser = [ROUTES.SIGN_IN_MODAL, ROUTES.REPORT_WITH_ID_DETAILS.route, ROUTES.REPORT_WITH_ID_DETAILS_SHARE_CODE.route];

if ((routesCanAccessByAnonymousUser as string[]).includes(routeRemovedReportId)) {
return true;
}
return false;
};

export {
beginSignIn,
beginAppleSignIn,
Expand Down Expand Up @@ -900,4 +927,5 @@ export {
toggleTwoFactorAuth,
validateTwoFactorAuth,
waitForUserSignIn,
canAccessRouteByAnonymousUser,
};
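Review bot: `canAccessRouteByAnonymousUser` returns `true` as soon as `ReportUtils.getReportIDFromLink(route)` yields an ID, so the allowlist in `routesCanAccessByAnonymousUser` is only consulted for routes that helper does not recognise; if that helper accepts more than the bare report route, the remainder of the path is never checked, which is worth confirming against its implementation. The `route.replace(reportID, ':reportID')` substitution rewrites the first occurrence of the ID anywhere in the string rather than the route parameter itself, so it deserves a comment noting that it relies on the route prefix containing no digits. This is also a client-side navigation gate only, and the function should say so: `// Client-side navigation gate only — the API must still reject writes from anonymous sessions.` Finally, the JSDoc block is separated from the declaration by a blank line and carries a `{string}` tag that the TypeScript signature already expresses; attach it directly to the `const` and drop the type tag.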
2 changes: 1 addition & 1 deletion src/pages/signin/SignInModal.js
Expand Up @@ -24,7 +24,7 @@ function SignInModal() {
shouldEnableMaxHeight
testID={SignInModal.displayName}
>
<HeaderWithBackButton />
<HeaderWithBackButton onBackButtonPress={Navigation.dismissModal} />
<SignInPage isInModal />
</ScreenWrapper>
);
