Pass at removing

Author: david-rocca

src/controller/registry-user.controller/index.js

@@ -145,7 +145,7 @@ router.get('/registryUser/:identifier',
   controller.SINGLE_USER
 )
 
-router.post('/registryUser',
+router.post('/registryUser/:shortname',
   /*
   #swagger.tags = ['Registry User']
   #swagger.operationId = 'createRegistryUser'
@@ -212,9 +212,6 @@ router.post('/registryUser',
   */
   mw.validateUser,
   mw.onlySecretariat,
-  // mw.onlySecretariat, // TODO: permissions
-  // TODO: validation
-  // parseError,
   parsePostParams,
   controller.CREATE_USER
 )

src/controller/registry-user.controller/registry-user.controller.js

@@ -1,6 +1,4 @@
-const argon2 = require('argon2')
-const cryptoRandomString = require('crypto-random-string')
-const uuid = require('uuid')
+const mongoose = require('mongoose')
 const logger = require('../../middleware/logger')
 const { getConstants } = require('../../constants')
 const errors = require('../user.controller/error')
@@ -9,6 +7,9 @@ const error = new errors.UserControllerError()
 async function getAllUsers (req, res, next) {
   try {
     const CONSTANTS = getConstants()
+    const session = await mongoose.startSession()
+    const repo = req.ctx.repositories.getBaseUserRepository()
+    let returnValue
 
     // temporary measure to allow tests to work after fixing #920
     // tests required changing the global limit to force pagination
@@ -19,107 +20,98 @@ async function getAllUsers (req, res, next) {
     const options = CONSTANTS.PAGINATOR_OPTIONS
     options.sort = { short_name: 'asc' }
     options.page = req.ctx.query.page ? parseInt(req.ctx.query.page) : CONSTANTS.PAGINATOR_PAGE // if 'page' query parameter is not defined, set 'page' to the default page value
-    const repo = req.ctx.repositories.getRegistryUserRepository()
 
-    const agt = setAggregateUserObj({})
-    const pg = await repo.aggregatePaginate(agt, options)
-
-    const payload = { users: pg.itemsList }
-
-    if (pg.itemCount >= CONSTANTS.PAGINATOR_OPTIONS.limit) {
-      payload.totalCount = pg.itemCount
-      payload.itemsPerPage = pg.itemsPerPage
-      payload.pageCount = pg.pageCount
-      payload.currentPage = pg.currentPage
-      payload.prevPage = pg.prevPage
-      payload.nextPage = pg.nextPage
+    try {
+      returnValue = await repo.getAllUsers(options)
+    } finally {
+      await session.endSession()
     }
 
     logger.info({ uuid: req.ctx.uuid, message: 'The user information was sent to the secretariat user.' })
-    return res.status(200).json(payload)
+    return res.status(200).json(returnValue)
   } catch (err) {
     next(err)
   }
 }
 
 async function getUser (req, res, next) {
   try {
-    const repo = req.ctx.repositories.getRegistryUserRepository()
+    const repo = req.ctx.repositories.getBaseUserRepository()
     const identifier = req.ctx.params.identifier
-    const agt = setAggregateUserObj({ UUID: identifier })
-    let result = await repo.aggregate(agt)
-    result = result.length > 0 ? result[0] : null
 
-    logger.info({ uuid: req.ctx.uuid, message: identifier + ' user was sent to the user.', user: result })
+    const result = await repo.findUserByUUID(identifier)
+    if (!result) {
+      logger.info({ uuid: req.ctx.uuid, message: identifier + 'user could not be found.' })
+      return res.status(404).json(error.userDne(identifier))
+    }
     return res.status(200).json(result)
   } catch (err) {
     next(err)
   }
 }
 
 async function createUser (req, res, next) {
+  const session = await mongoose.startSession()
   try {
-    // const requesterUsername = req.ctx.user
-    // const requesterShortName = req.ctx.org
-    const orgRepo = req.ctx.repositories.getOrgRepository()
-    const userRepo = req.ctx.repositories.getUserRepository()
-    const registryUserRepo = req.ctx.repositories.getRegistryUserRepository()
+    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
+    const userRepo = req.ctx.repositories.getBaseUserRepository()
     const body = req.ctx.body
+    const orgShortName = req.ctx.params.shortname
+    let returnValue
+
+    const orgUUID = await orgRepo.getOrgUUID(orgShortName)
+    if (!orgUUID) {
+      logger.info({ uuid: req.ctx.uuid, message: 'The user could not be created because ' + orgShortName + ' organization does not exist.' })
+      return res.status(404).json(error.orgDnePathParam(orgShortName))
+    }
 
-    // Short circuit if UUID provided
-    const bodyKeys = Object.keys(body).map((k) => k.toLowerCase())
-    if (bodyKeys.includes('uuid')) {
+    // Do not allow the user to pass in a UUID
+    if ((body?.UUID ?? null) || (body?.uuid ?? null)) {
       return res.status(400).json(error.uuidProvided('user'))
     }
 
-    // TODO: check if affiliated orgs and program orgs exist, and if their membership limit is reached
-
-    const newUser = new RegistryUser()
-    Object.keys(body).map(k => k.toLowerCase()).forEach(k => {
-      if (k === 'user_id' || k === 'username') {
-        newUser.user_id = body[k]
-      } else if (k === 'name') {
-        newUser.name = {
-          first: '',
-          last: '',
-          middle: '',
-          suffix: '',
-          ...body.name
-        }
-      } else if (k === 'org_affiliations') {
-        // TODO: dedupe
-      } else if (k === 'cve_program_org_membership') {
-        // TODO: dedupe
-      }
-    })
+    if ((body?.org_UUID ?? null) || (body?.org_uuid ?? null)) {
+      return res.status(400).json(error.uuidProvided('org'))
+    }
 
-    // TODO: check that requesting user is admin of org for new user
+    try {
+      session.startTransaction()
 
-    newUser.UUID = uuid.v4()
-    const randomKey = cryptoRandomString({ length: getConstants().CRYPTO_RANDOM_STRING_LENGTH })
-    newUser.secret = await argon2.hash(randomKey)
-    newUser.last_active = null
-    newUser.deactivation_date = null
+      const result = await userRepo.validateUser(body)
+      if (body?.role && typeof body?.role !== 'string') {
+        return res.status(400).json({ message: 'Parameters were invalid', details: [{ param: 'role', msg: 'Parameter must be a string' }] })
+      }
+      if (!result.isValid) {
+        logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'User JSON schema validation FAILED.' }))
+        await session.abortTransaction()
+        return res.status(400).json({ message: 'Parameters were invalid', errors: result.errors })
+      }
 
-    await registryUserRepo.updateByUUID(newUser.UUID, newUser, { upsert: true })
-    const agt = setAggregateUserObj({ UUID: newUser.UUID })
-    let result = await registryUserRepo.aggregate(agt)
-    result = result.length > 0 ? result[0] : null
+      // Ask repo if user already exists
+      if (await userRepo.orgHasUser(orgShortName, body?.username, { session })) {
+        logger.info({ uuid: req.ctx.uuid, message: `${body?.username} user was not created because it already exists.` })
+        await session.abortTransaction()
+        return res.status(400).json(error.userExists(body?.username))
+      }
 
-    const payload = {
-      action: 'create_registry_user',
-      change: result.user_id + ' was successfully created.',
-      req_UUID: req.ctx.uuid,
-      org_UUID: await orgRepo.getOrgUUID(req.ctx.org),
-      user: result
+      const users = await userRepo.findUsersByOrgShortname(orgShortName, { session })
+      if (users.length >= 100) {
+        await session.abortTransaction()
+        return res.status(400).json(error.userLimitReached())
+      }
+
+      returnValue = await userRepo.createUser(orgShortName, body, { session, upsert: true })
+      await session.commitTransaction()
+    } catch (error) {
+      await session.abortTransaction()
+      throw error
+    } finally {
+      await session.endSession()
     }
-    payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, payload.org_UUID)
-    logger.info(JSON.stringify(payload))
 
-    result.secret = randomKey
     const responseMessage = {
-      message: result.user_id + ' was successfully created.',
-      created: result
+      message: `${body?.user_id} + ' was successfully created.`,
+      created: returnValue
     }
 
     return res.status(200).json(responseMessage)
@@ -130,48 +122,9 @@ async function createUser (req, res, next) {
 
 async function updateUser (req, res, next) {
   try {
-    // const username = req.ctx.params.username
-    // const shortName = req.ctx.params.shortname
     const userUUID = req.ctx.params.identifier
-    const userRepo = req.ctx.repositories.getUserRepository()
-    const orgRepo = req.ctx.repositories.getOrgRepository()
-    const registryUserRepo = req.ctx.repositories.getRegistryUserRepository()
-    // const orgUUID = await orgRepo.getOrgUUID(shortName)
-    // Check if requester is Admin of the designated user's org
-
-    const user = await registryUserRepo.findOneByUUID(userUUID)
-    const newUser = new RegistryUser()
-
-    // Sets the name values to what currently exists in the database, this ensures data is retained during partial name updates
-    newUser.name.first = user.name.first
-    newUser.name.last = user.name.last
-    newUser.name.middle = user.name.middle
-    newUser.name.suffix = user.name.suffix
-
-    // TODO: check permissions
-    // Check to ensure that the user has the right permissions to edit the fields tha they are requesting to edit, and fail fast if they do not.
-    // if (Object.keys(req.ctx.query).length > 0 && Object.keys(req.ctx.query).some((key) => { return queryParameterPermissions[key] }) && !(isAdmin || isSecretariat)) {
-    // logger.info({ uuid: req.ctx.uuid, message: 'The user could not be updated because ' + requesterUsername + ' user is not Org Admin or Secretariat to modify these fields.' })
-    // return res.status(403).json(error.notOrgAdminOrSecretariatUpdate())
-    // }
-
-    for (const k in req.ctx.query) {
-      const key = k.toLowerCase()
-
-      if (key === 'new_user_id') {
-        newUser.user_id = req.ctx.query.new_user_id
-      } else if (key === 'name.first') {
-        newUser.name.first = req.ctx.query['name.first']
-      } else if (key === 'name.last') {
-        newUser.name.last = req.ctx.query['name.last']
-      } else if (key === 'name.middle') {
-        newUser.name.middle = req.ctx.query['name.middle']
-      } else if (key === 'name.suffix') {
-        newUser.name.suffix = req.ctx.query['name.suffix']
-      }
-
-      // TODO: process org affiliations and program org membership updates
-    }
+    const userRepo = req.ctx.repositories.getBaseUserRepository()
+    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
 
     await registryUserRepo.updateByUUID(userUUID, newUser)
     const agt = setAggregateUserObj({ UUID: userUUID })

src/controller/user.controller/user.controller.js

@@ -31,19 +31,6 @@ async function getAllUsers (req, res, next) {
       await session.endSession()
     }
 
-    /* const agt = isRegistry ? setAggregateRegistryUserObj({}) : setAggregateUserObj({})
-    const pg = await repo.aggregatePaginate(agt, options)
-    const payload = { users: pg.itemsList }
-
-    if (pg.itemCount >= CONSTANTS.PAGINATOR_OPTIONS.limit) {
-      payload.totalCount = pg.itemCount
-      payload.itemsPerPage = pg.itemsPerPage
-      payload.pageCount = pg.pageCount
-      payload.currentPage = pg.currentPage
-      payload.prevPage = pg.prevPage
-      payload.nextPage = pg.nextPage
-    } */
-
     logger.info({ uuid: req.ctx.uuid, message: 'The user information was sent to the secretariat user.' })
     return res.status(200).json(returnValue)
   } catch (err) {

src/repositories/baseUserRepository.js

@@ -316,6 +316,11 @@ class BaseUserRepository extends BaseRepository {
     return deepRemoveEmpty(plainJavascriptRegistryUser)
   }
 
+  async updateUserFull () {
+    const baseOrgRepository = new BaseOrgRepository()
+    const legacyUserRepo = new UserRepository()
+  }
+
   async resetSecret (username, orgShortName, options = {}, isLegacyObject = false) {
     const legacyUserRepo = new UserRepository()
     const baseOrgRepository = new BaseOrgRepository()