Merge pull request #1384 from CVEProject/dr_incorrect_return

Resolving incorrect return flow & mongoose n usage removal

Author: jdaigneau5

src/controller/org.controller/org.controller.js

@@ -395,7 +395,7 @@ async function updateOrg (req, res, next) {
 
     // update org
     let result = await orgRepo.updateByOrgUUID(org.UUID, newOrg)
-    if (result.n === 0) {
+    if (result.matchedCount === 0) {
       logger.info({ uuid: req.ctx.uuid, message: shortName + ' organization could not be updated in MongoDB because it does not exist.' })
       return res.status(404).json(error.orgDnePathParam(shortName))
     }
@@ -450,34 +450,42 @@ async function createUser (req, res, next) {
       return res.status(400).json(error.userLimitReached())
     }
 
-    Object.keys(req.ctx.body).forEach(k => {
-      const key = k.toLowerCase()
+    const body = req.ctx.body
+    const keys = Object.keys(body)
 
-      if (key === 'username') {
-        newUser.username = req.ctx.body.username
-      } else if (key === 'authority') {
-        if (req.ctx.body.authority.active_roles) {
-          newUser.authority.active_roles = [...new Set(req.ctx.body.authority.active_roles)] // Removes any duplicate strings from array
-        }
-      } else if (key === 'name') {
-        if (req.ctx.body.name.first) {
-          newUser.name.first = req.ctx.body.name.first
-        }
-        if (req.ctx.body.name.last) {
-          newUser.name.last = req.ctx.body.name.last
-        }
-        if (req.ctx.body.name.middle) {
-          newUser.name.middle = req.ctx.body.name.middle
-        }
-        if (req.ctx.body.name.suffix) {
-          newUser.name.suffix = req.ctx.body.name.suffix
-        }
-      } else if (key === 'org_uuid') {
-        return res.status(400).json(error.uuidProvided('org'))
-      } else if (key === 'uuid') {
+    for (const keyRaw of keys) {
+      const key = keyRaw.toLowerCase()
+
+      if (key === 'uuid') {
         return res.status(400).json(error.uuidProvided('user'))
       }
-    })
+
+      if (key === 'org_uuid') {
+        return res.status(400).json(error.uuidProvided('org'))
+      }
+
+      const handlers = {
+        username: () => {
+          newUser.username = body.username
+        },
+        authority: () => {
+          if (body.authority?.active_roles) {
+            newUser.authority.active_roles = [...new Set(body.authority.active_roles)]
+          }
+        },
+        name: () => {
+          const name = body.name || {}
+          if (name.first) newUser.name.first = name.first
+          if (name.last) newUser.name.last = name.last
+          if (name.middle) newUser.name.middle = name.middle
+          if (name.suffix) newUser.name.suffix = name.suffix
+        }
+      }
+
+      if (handlers[key]) {
+        handlers[key]() // execute the appropriate handler
+      }
+    }
 
     const requesterOrgUUID = await orgRepo.getOrgUUID(requesterShortName)
     const isSecretariat = await orgRepo.isSecretariatUUID(requesterOrgUUID)
@@ -711,7 +719,7 @@ async function updateUser (req, res, next) {
     newUser.authority.active_roles = duplicateCheckedRoles
 
     let result = await userRepo.updateByUserNameAndOrgUUID(username, orgUUID, newUser)
-    if (result.n === 0) {
+    if (result.matchedCount === 0) {
       logger.info({ uuid: req.ctx.uuid, message: 'The user could not be updated because ' + username + ' does not exist for ' + shortName + ' organization.' })
       return res.status(404).json(error.userDne(username))
     }
@@ -786,7 +794,7 @@ async function resetSecret (req, res, next) {
     const randomKey = cryptoRandomString({ length: getConstants().CRYPTO_RANDOM_STRING_LENGTH })
     oldUser.secret = await argon2.hash(randomKey) // store in db
     const user = await userRepo.updateByUserNameAndOrgUUID(oldUser.username, orgUUID, oldUser)
-    if (user.n === 0) {
+    if (user.matchedCount === 0) {
       logger.info({ uuid: req.ctx.uuid, message: 'The user could not be updated because ' + username + ' does not exist for ' + orgShortName + ' organization.' })
       return res.status(404).json(error.userDne(username))
     }