CVEProject
diff --git a/‎api-docs/openapi.json‎
Lines changed: 14 additions & 4 deletions b/‎api-docs/openapi.json‎
Lines changed: 14 additions & 4 deletions
diff --git a/‎src/controller/org.controller/index.js‎
Lines changed: 123 additions & 11 deletions b/‎src/controller/org.controller/index.js‎
Lines changed: 123 additions & 11 deletions
@@ -1448,7 +1448,7 @@
           }
         },
         "requestBody": {
-          "description": "<h3>Notes:</h3>   <ul>   <li>**providerMetadata** is set by the server. If provided, it will be overwritten.</li>   <li>**datePublished** and **assignerShortname** are optional fields in the schema, but are set by the server. </li>   </ul>",
+          "description": "<h3>Notes:</h3>  <ul>  <li>**providerMetadata** is set by the server. If provided, it will be overwritten.</li>  <li>**datePublished** and **assignerShortname** are optional fields in the schema, but are set by the server. </li>  </ul>",
           "required": true,
           "content": {
             "application/json": {
@@ -1560,7 +1560,7 @@
           }
         },
         "requestBody": {
-          "description": "<h3>Notes:</h3>   <ul>   <li>When updating a rejected record to published, it is recommended to confirm that both the Cve-Id and CVE record are in the correct state after calling this endpoint. Though very unlikely, a race condition can occur causing the two states to be out of sync. </li>   <li>**providerMetadata** is set by the server. If provided, it will be overwritten.</li>   <li>**datePublished** and **assignerShortname** are optional fields in the schema, but are set by the server. </li>   </ul>",
+          "description": "<h3>Notes:</h3>  <ul>  <li>When updating a rejected record to published, it is recommended to confirm that both the Cve-Id and CVE record are in the correct state after calling this endpoint. Though very unlikely, a race condition can occur causing the two states to be out of sync. </li>  <li>**providerMetadata** is set by the server. If provided, it will be overwritten.</li>  <li>**datePublished** and **assignerShortname** are optional fields in the schema, but are set by the server. </li>  </ul>",
           "required": true,
           "content": {
             "application/json": {
@@ -1671,7 +1671,7 @@
           }
         },
         "requestBody": {
-          "description": "<h3>Notes:</h3>   <ul>   <li>**providerMetadata** is set by the server. If provided, it will be overwritten.</li>   <li>**datePublished** and **assignerShortname** are optional fields in the schema, but are set by the server. </li>   </ul>",
+          "description": "<h3>Notes:</h3>  <ul>  <li>**providerMetadata** is set by the server. If provided, it will be overwritten.</li>  <li>**datePublished** and **assignerShortname** are optional fields in the schema, but are set by the server. </li>  </ul>",
           "required": true,
           "content": {
             "application/json": {
@@ -1772,7 +1772,7 @@
           }
         },
         "requestBody": {
-          "description": "<h3>Notes:</h3>   <ul>   <li>It is recommended to confirm that both the Cve-Id and CVE record are in the REJECTED state after calling this endpoint. Though very unlikely, a race condition can occur causing the two states to be out of sync. </li>   <li>**providerMetadata** is set by the server. If provided, it will be overwritten.</li>   <li>**datePublished** and **assignerShortname** are optional fields in the schema, but are set by the server. </li>   </ul>",
+          "description": "<h3>Notes:</h3>  <ul>  <li>It is recommended to confirm that both the Cve-Id and CVE record are in the REJECTED state after calling this endpoint. Though very unlikely, a race condition can occur causing the two states to be out of sync. </li>  <li>**providerMetadata** is set by the server. If provided, it will be overwritten.</li>  <li>**datePublished** and **assignerShortname** are optional fields in the schema, but are set by the server. </li>  </ul>",
           "required": true,
           "content": {
             "application/json": {
@@ -1887,6 +1887,16 @@
         }
       }
     },
+    "/org/registry/createOrg": {
+      "get": {
+        "description": "",
+        "responses": {
+          "400": {
+            "description": "Bad Request"
+          }
+        }
+      }
+    },
     "/org": {
       "get": {
         "tags": [
 
@@ -4,13 +4,126 @@ const mw = require('../../middleware/middleware')
 const errorMsgs = require('../../middleware/errorMessages')
 const controller = require('./org.controller')
 const { body, param, query } = require('express-validator')
-const { parseGetParams, parsePostParams, parseError, isUserRole, isValidUsername, validateCreateOrgParameters, validateUpdateOrgParameters, validateUserIdOrUsername } = require('./org.middleware')
+const { parseGetParams, parsePostParams, parseError, isUserRole, isValidUsername, isOrgRole, validateUpdateOrgParameters } = require('./org.middleware')
 // Only God and Javascript know swhy its saying it is not used when it is.....
 // eslint-disable-next-line no-unused-vars
 const { toUpperCaseArray, isFlatStringArray, handleRegistryParameter } = require('../../middleware/middleware')
 const getConstants = require('../../../src/constants').getConstants
 const CONSTANTS = getConstants()
 
+router.get('/registry/org',
+  mw.useRegistry(),
+  mw.validateUser,
+  mw.onlySecretariat,
+  query().custom((query) => { return mw.validateQueryParameterNames(query, ['page']) }),
+  query(['page']).custom((val) => { return mw.containsNoInvalidCharacters(val) }),
+  query(['page']).optional().isInt({ min: CONSTANTS.PAGINATOR_PAGE }),
+  parseError,
+  parseGetParams,
+  controller.ORG_ALL
+)
+
+router.get('/registry/org/:shortname/users',
+  mw.useRegistry(),
+  mw.validateUser,
+  param(['shortname']).isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
+  query(['page']).optional().isInt({ min: CONSTANTS.PAGINATOR_PAGE }),
+  parseError,
+  parseGetParams,
+  controller.USER_ALL)
+
+router.get('/registry/org/:shortname/id_quota',
+  mw.useRegistry(),
+  mw.validateUser,
+  param(['shortname']).isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
+  parseError,
+  parseGetParams,
+  controller.ORG_ID_QUOTA)
+
+router.get('/registry/org/:identifier',
+  mw.useRegistry(),
+  mw.validateUser,
+  parseError,
+  parseGetParams,
+  controller.ORG_SINGLE
+)
+router.get('/registry/org/:shortname/user/:username',
+  mw.useRegistry(),
+  mw.validateUser,
+  param(['shortname']).isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
+  param(['username']).isString().trim().notEmpty().custom(isValidUsername),
+  parseError,
+  parseGetParams,
+  controller.USER_SINGLE
+)
+router.post('/registry/org',
+  mw.useRegistry(),
+  mw.validateUser,
+  mw.onlySecretariat,
+  parsePostParams,
+  parseError,
+  controller.REGISTRY_CREATE_ORG
+)
+
+router.put('/registry/org/:shortname',
+  mw.useRegistry(),
+  mw.validateUser,
+  mw.onlySecretariat,
+  parseError,
+  parsePostParams,
+  controller.REGISTRY_UPDATE_ORG
+)
+
+router.post('/registry/org/:shortname/user',
+  mw.useRegistry(),
+  mw.validateUser,
+  mw.onlySecretariatOrAdmin,
+  mw.onlyOrgWithPartnerRole,
+  parseError,
+  parsePostParams,
+  controller.USER_CREATE_SINGLE
+)
+router.put('/registry/org/:shortname/user/:username',
+  mw.useRegistry(),
+  mw.validateUser,
+  mw.onlyOrgWithPartnerRole,
+  query().custom((query) => {
+    return mw.validateQueryParameterNames(query, ['active', 'new_username', 'org_short_name', 'name.first', 'name.last', 'name.middle',
+      'name.suffix', 'active_roles.add', 'active_roles.remove', 'registry'])
+  }),
+  query(['active', 'new_username', 'org_short_name', 'name.first', 'name.last', 'name.middle',
+    'name.suffix', 'active_roles.add', 'active_roles.remove', 'registry']).custom((val) => { return mw.containsNoInvalidCharacters(val) }),
+  param(['shortname']).isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
+  param(['username']).isString().trim().notEmpty().custom(isValidUsername),
+  query(['active']).optional().isBoolean({ loose: true }),
+  query(['new_username']).optional().isString().trim().notEmpty().custom(isValidUsername),
+  query(['org_short_name']).optional().isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
+  query(['name.first']).optional().isString().trim().isLength({ max: CONSTANTS.MAX_FIRSTNAME_LENGTH }).withMessage(errorMsgs.FIRSTNAME_LENGTH),
+  query(['name.last']).optional().isString().trim().isLength({ max: CONSTANTS.MAX_LASTNAME_LENGTH }).withMessage(errorMsgs.LASTNAME_LENGTH),
+  query(['name.middle']).optional().isString().trim().isLength({ max: CONSTANTS.MAX_MIDDLENAME_LENGTH }).withMessage(errorMsgs.MIDDLENAME_LENGTH),
+  query(['name.suffix']).optional().isString().trim().isLength({ max: CONSTANTS.MAX_SUFFIX_LENGTH }).withMessage(errorMsgs.SUFFIX_LENGTH),
+  query(['active_roles.add']).optional().toArray()
+    .custom(isFlatStringArray)
+    .bail()
+    .customSanitizer(toUpperCaseArray)
+    .custom(isUserRole).withMessage(errorMsgs.USER_ROLES),
+  query(['active_roles.remove']).optional().toArray()
+    .custom(isFlatStringArray)
+    .customSanitizer(toUpperCaseArray)
+    .custom(isUserRole).withMessage(errorMsgs.USER_ROLES),
+  parseError,
+  parsePostParams,
+  controller.USER_UPDATE_SINGLE)
+
+router.put('/registry/org/:shortname/user/:username/reset_secret',
+  mw.useRegistry(),
+  mw.validateUser,
+  mw.onlyOrgWithPartnerRole,
+  parseError,
+  parsePostParams,
+  controller.USER_RESET_SECRET
+)
+
 router.get('/org',
   /*
   #swagger.tags = ['Organization']
@@ -178,11 +291,15 @@ router.post(
     }
   }
   */
-  param(['registry']).optional().isBoolean(),
-  mw.handleRegistryParameter,
   mw.validateUser,
   mw.onlySecretariat,
-  validateCreateOrgParameters(),
+  body(['short_name']).isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
+  body(['name']).isString().trim().notEmpty(),
+  body(['authority.active_roles']).optional()
+    .custom(isFlatStringArray)
+    .customSanitizer(toUpperCaseArray)
+    .custom(isOrgRole),
+  body(['policies.id_quota']).optional().not().isArray().isInt({ min: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_min, max: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_max }).withMessage(errorMsgs.ID_QUOTA),
   parseError,
   parsePostParams,
   controller.ORG_CREATE_SINGLE
@@ -513,6 +630,7 @@ router.get('/org/:shortname/users',
   parseError,
   parseGetParams,
   controller.USER_ALL)
+
 router.post('/org/:shortname/user',
   /*
   #swagger.tags = ['Users']
@@ -598,12 +716,9 @@ router.post('/org/:shortname/user',
     }
   }
   */
-  param(['registry']).optional().isBoolean(),
-  mw.handleRegistryParameter,
   mw.validateUser,
   mw.onlySecretariatOrAdmin,
   mw.onlyOrgWithPartnerRole,
-  validateUserIdOrUsername(),
   param(['shortname']).isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
   body(['org_uuid']).optional().isString().trim(),
   body(['uuid']).optional().isString().trim(),
@@ -692,8 +807,6 @@ router.get('/org/:shortname/user/:username',
     }
   }
   */
-  param(['registry']).optional().isBoolean(),
-  mw.handleRegistryParameter,
   mw.validateUser,
   param(['shortname']).isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
   param(['username']).isString().trim().notEmpty().custom(isValidUsername),
@@ -783,8 +896,7 @@ router.put('/org/:shortname/user/:username',
     }
   }
   */
-  param(['registry']).optional().isBoolean(),
-  mw.handleRegistryParameter,
+
   mw.validateUser,
   mw.onlyOrgWithPartnerRole,
   query().custom((query) => {