@@ -363,6 +363,7 @@ async function createOrg (req, res, next) {
363363
364364 if ( legResult && regResult ) {
365365 logger . info ( { uuid : req . ctx . uuid , message : legResult . short_name + ' organization was not created because it already exists.' } )
366+ await session . abortTransaction ( )
366367 return res . status ( 400 ) . json ( error . orgExists ( legOrg . short_name ) )
367368 }
368369
@@ -432,7 +433,7 @@ async function createOrg (req, res, next) {
432433 await session . abortTransaction ( )
433434 throw error
434435 } finally {
435- session . endSession ( )
436+ await session . endSession ( )
436437 }
437438
438439 logger . info ( JSON . stringify ( payload ) )
@@ -470,7 +471,6 @@ async function updateOrg (req, res, next) {
470471 if ( ! orgToUpdate ) {
471472 logger . info ( { uuid : req . ctx . uuid , message : `Organization ${ shortNameParam } } )
472473 await session . abortTransaction ( )
473- session . endSession ( )
474474 return res . status ( 404 ) . json ( error . orgDnePathParam ( shortNameParam ) )
475475 }
476476
@@ -480,7 +480,6 @@ async function updateOrg (req, res, next) {
480480 // This indicates an inconsistent state, as an Org should have a corresponding RegistryOrg if created by the system
481481 logger . error ( { uuid : req . ctx . uuid , message : `Registry org counterpart for ${ orgToUpdate . short_name } ${ orgToUpdate . UUID } } )
482482 await session . abortTransaction ( )
483- session . endSession ( )
484483 return res . status ( 500 ) . json ( error . serverError ( 'Inconsistent organization data: Registry counterpart missing.' ) )
485484 }
486485
@@ -613,12 +612,12 @@ async function updateOrg (req, res, next) {
613612 if ( newOrgUpdates . short_name && newOrgUpdates . short_name !== orgToUpdate . short_name ) {
614613 const existingLegOrg = await orgRepo . findOneByShortName ( newOrgUpdates . short_name , { session } )
615614 if ( existingLegOrg && existingLegOrg . UUID !== orgToUpdate . UUID ) {
616- await session . abortTransaction ( ) ; session . endSession ( )
615+ await session . abortTransaction ( )
617616 return res . status ( 403 ) . json ( error . duplicateShortname ( newOrgUpdates . short_name ) )
618617 }
619618 const existingRegOrg = await regOrgRepo . findOneByShortName ( newRegOrgUpdates . short_name , { session } )
620619 if ( existingRegOrg && existingRegOrg . UUID !== regOrgToUpdate . UUID ) {
621- await session . abortTransaction ( ) ; session . endSession ( )
620+ await session . abortTransaction ( )
622621 return res . status ( 403 ) . json ( error . duplicateShortname ( newRegOrgUpdates . short_name ) )
623622 }
624623 }
@@ -672,7 +671,7 @@ async function updateOrg (req, res, next) {
672671 }
673672 next ( err )
674673 } finally {
675- session . endSession ( )
674+ await session . endSession ( )
676675 }
677676}
678677
@@ -712,12 +711,12 @@ async function createUser (req, res, next) {
712711 const regUsers = await userRegistryRepo . findUsersByOrgUUID ( orgUUID , { session } )
713712
714713 if ( users && regUsers && users !== regUsers ) {
715- await session . abortTransaction ( ) ; session . endSession ( )
714+ await session . abortTransaction ( )
716715 return res . status ( 500 ) . json ( { message : 'Data inconsistency' } )
717716 }
718717
719718 if ( users >= 100 ) {
720- await session . abortTransaction ( ) ; session . endSession ( )
719+ await session . abortTransaction ( )
721720 return res . status ( 400 ) . json ( error . userLimitReached ( ) )
722721 }
723722
@@ -734,12 +733,12 @@ async function createUser (req, res, next) {
734733 const key = keyRaw . toLowerCase ( )
735734
736735 if ( key === 'uuid' ) {
737- await session . abortTransaction ( ) ; session . endSession ( )
736+ await session . abortTransaction ( )
738737 return res . status ( 400 ) . json ( error . uuidProvided ( 'user' ) )
739738 }
740739
741740 if ( key === 'org_uuid' ) {
742- await session . abortTransaction ( ) ; session . endSession ( )
741+ await session . abortTransaction ( )
743742 return res . status ( 400 ) . json ( error . uuidProvided ( 'org' ) )
744743 }
745744
@@ -793,7 +792,7 @@ async function createUser (req, res, next) {
793792 // check if user is only an Admin (not Secretatiat) and the user does not belong to the same organization as the new user
794793 if ( ! isSecretariat && isAdmin ) {
795794 if ( requesterOrgUUID !== orgUUID ) {
796- await session . abortTransaction ( ) ; session . endSession ( )
795+ await session . abortTransaction ( )
797796 return res . status ( 403 ) . json ( error . notOrgAdminOrSecretariat ( ) ) // The Admin user must belong to the new user's organization
798797 }
799798 }
@@ -812,7 +811,7 @@ async function createUser (req, res, next) {
812811 const resultReg = await userRegistryRepo . findOneByUserNameAndOrgUUID ( newRegistryUser . user_id , orgUUID , null , { session } )
813812 if ( resultLeg || resultReg ) {
814813 logger . info ( { uuid : req . ctx . uuid , message : newUser . username + ' was not created because it already exists.' } )
815- await session . abortTransaction ( ) ; session . endSession ( )
814+ await session . abortTransaction ( )
816815 return res . status ( 400 ) . json ( error . userExists ( newUser . username ) )
817816 }
818817
@@ -849,6 +848,8 @@ async function createUser (req, res, next) {
849848 return res . status ( 200 ) . json ( responseMessage )
850849 } catch ( err ) {
851850 next ( err )
851+ } finally {
852+ await session . endSession ( )
852853 }
853854}
854855
@@ -889,12 +890,12 @@ async function updateUser (req, res, next) {
889890
890891 if ( ! targetOrgLegUUID || ! targetOrgRegUUID ) {
891892 logger . error ( { uuid : req . ctx . uuid , message : `Target organization ${ shortNameParams } } )
892- await session . abortTransaction ( ) ; await session . endSession ( )
893+ await session . abortTransaction ( )
893894 return res . status ( 404 ) . json ( error . orgDnePathParam ( shortNameParams ) )
894895 }
895896 if ( targetOrgLegUUID !== targetOrgRegUUID ) {
896897 logger . error ( { uuid : req . ctx . uuid , message : 'Registry and Legacy Org UUIDs do not match for target org. Data inconsistency.' } )
897- await session . abortTransaction ( ) ; await session . endSession ( )
898+ await session . abortTransaction ( )
898899 return res . status ( 500 ) . json ( error . serverError ( 'Inconsistent organization data.' ) )
899900 }
900901
@@ -905,18 +906,18 @@ async function updateUser (req, res, next) {
905906 if ( targetUserUUID !== requesterUUID ) {
906907 if ( ! targetUserUUID ) {
907908 logger . info ( { uuid : req . ctx . uuid , message : 'User DNE' } )
908- await session . abortTransaction ( ) ; await session . endSession ( )
909+ await session . abortTransaction ( )
909910 return res . status ( 404 ) . json ( error . userDne ( usernameParams ) )
910911 }
911912 logger . info ( { uuid : req . ctx . uuid , message : 'Not same user or secretariat' } )
912- await session . abortTransaction ( ) ; await session . endSession ( )
913+ await session . abortTransaction ( )
913914 return res . status ( 403 ) . json ( error . notSameUserOrSecretariat ( ) )
914915 }
915916 }
916917
917918 if ( shortNameParams !== requesterShortName && ! isRequesterSecretariat ) {
918919 logger . info ( { uuid : req . ctx . uuid , message : `${ shortNameParams } } )
919- await session . abortTransaction ( ) ; await session . endSession ( )
920+ await session . abortTransaction ( )
920921 return res . status ( 403 ) . json ( error . notSameOrgOrSecretariat ( ) )
921922 }
922923
@@ -925,7 +926,7 @@ async function updateUser (req, res, next) {
925926
926927 if ( ! userLeg && ! userReg ) { // If user doesn't exist in EITHER system.
927928 logger . info ( { uuid : req . ctx . uuid , message : `User ${ usernameParams } ${ shortNameParams } } )
928- await session . abortTransaction ( ) ; await session . endSession ( )
929+ await session . abortTransaction ( )
929930 return res . status ( 404 ) . json ( error . userDne ( usernameParams ) )
930931 }
931932
@@ -943,15 +944,15 @@ async function updateUser (req, res, next) {
943944 // Specific check for org_short_name (Secretariat only)
944945 if ( queryParameters . org_short_name && ! isRequesterSecretariat ) {
945946 logger . info ( { uuid : req . ctx . uuid , message : 'Only Secretariat can reassign user organization.' } )
946- await session . abortTransaction ( ) ; await session . endSession ( )
947+ await session . abortTransaction ( )
947948 return res . status ( 403 ) . json ( error . notAllowedToChangeOrganization ( ) )
948949 }
949950
950951 // General permission check for fields requiring admin/secretariat
951952 if ( ( queryParameters . new_username || queryParameters [ 'active_roles.remove' ] || queryParameters [ 'active_roles.add' ] ) ) {
952953 if ( ! isRequesterSecretariat && ! isAdmin ) {
953954 logger . info ( { uuid : req . ctx . uuid , message : `User ${ requesterUsername } } )
954- await session . abortTransaction ( ) ; await session . endSession ( )
955+ await session . abortTransaction ( )
955956 return res . status ( 403 ) . json ( error . notOrgAdminOrSecretariatUpdate ( ) )
956957 }
957958 }
@@ -961,7 +962,7 @@ async function updateUser (req, res, next) {
961962 const unameToCheck = await userLegRepo . findOneByUserNameAndOrgUUID ( queryParameters . new_username , targetOrgRegUUID , null , { session } )
962963 if ( unameToCheck ) {
963964 logger . info ( { uuid : req . ctx . uuid , message : queryParameters . new_username + ' was not created because it already exists.' } )
964- await session . abortTransaction ( ) ; session . endSession ( )
965+ await session . abortTransaction ( )
965966 return res . status ( 403 ) . json ( error . duplicateUsername ( queryParameters . new_username , shortNameParams ) )
966967 }
967968 }
@@ -1024,23 +1025,23 @@ async function updateUser (req, res, next) {
10241025 handlers [ key ] ( )
10251026 } catch ( handlerError ) {
10261027 logger . info ( { uuid : req . ctx . uuid , message : handlerError . message || `Auth error in handler for ${ key } } )
1027- await session . abortTransaction ( ) ; await session . endSession ( )
1028+ await session . abortTransaction ( )
10281029 return res . status ( 403 ) . json ( handlerError instanceof Error ? { name : handlerError . name , error : handlerError . message } : handlerError )
10291030 }
10301031 }
10311032 }
10321033
10331034 if ( queryParameters . active ) {
10341035 if ( requesterUUID === targetUserUUID ) {
1035- await session . abortTransaction ; await session . endSession ( )
1036+ await session . abortTransaction ( )
10361037 return res . status ( 403 ) . json ( error . notOrgAdminOrSecretariatUpdate ( ) )
10371038 }
10381039 }
10391040
10401041 // Check to make sure we are NOT self demoting
10411042 if ( removeRolesCollector . includes ( 'ADMIN' ) ) {
10421043 if ( requesterUUID === targetUserUUID ) {
1043- await session . abortTransaction ; await session . endSession ( )
1044+ await session . abortTransaction ( )
10441045 return res . status ( 403 ) . json ( error . notAllowedToSelfDemote ( ) )
10451046 }
10461047 }
@@ -1054,20 +1055,20 @@ async function updateUser (req, res, next) {
10541055 if ( newOrgShortNameToMoveTo ) {
10551056 if ( newOrgShortNameToMoveTo === shortNameParams ) {
10561057 logger . info ( { uuid : req . ctx . uuid , message : `User ${ usernameParams } ${ newOrgShortNameToMoveTo } } )
1057- await session . abortTransaction ( ) ; await session . endSession ( )
1058+ await session . abortTransaction ( )
10581059 return res . status ( 403 ) . json ( error . alreadyInOrg ( newOrgShortNameToMoveTo , usernameParams ) )
10591060 }
10601061 newTargetLegacyOrgUUID = await orgLegRepo . getOrgUUID ( newOrgShortNameToMoveTo , { session } )
10611062 newTargetRegistryOrgUUID = await orgRegRepo . getOrgUUID ( newOrgShortNameToMoveTo , { session } )
10621063
10631064 if ( ! newTargetLegacyOrgUUID || ! newTargetRegistryOrgUUID ) {
10641065 logger . info ( { uuid : req . ctx . uuid , message : `New target organization ${ newOrgShortNameToMoveTo } } )
1065- await session . abortTransaction ( ) ; await session . endSession ( )
1066+ await session . abortTransaction ( )
10661067 return res . status ( 404 ) . json ( error . orgDne ( newOrgShortNameToMoveTo , 'org_short_name' , 'query' ) )
10671068 }
10681069 if ( newTargetLegacyOrgUUID !== newTargetRegistryOrgUUID ) {
10691070 logger . error ( { uuid : req . ctx . uuid , message : `New target organization ${ newOrgShortNameToMoveTo } } )
1070- await session . abortTransaction ( ) ; await session . endSession ( )
1071+ await session . abortTransaction ( )
10711072 return res . status ( 500 ) . json ( error . serverError ( 'Inconsistent new target organization data.' ) )
10721073 }
10731074
@@ -1166,7 +1167,7 @@ async function updateUser (req, res, next) {
11661167 const legUpdateResult = await userLegRepo . updateByUUID ( userLeg . UUID , legacyUserUpdatePayload , { session } )
11671168 if ( ! legUpdateResult || legUpdateResult . modifiedCount === 0 ) {
11681169 if ( legUpdateResult && legUpdateResult . matchedCount === 0 ) {
1169- await session . abortTransaction ( ) ; await session . endSession ( )
1170+ await session . abortTransaction ( )
11701171 return res . status ( 404 ) . json ( error . userDne ( userLeg . username ) )
11711172 }
11721173 } else {
@@ -1178,7 +1179,7 @@ async function updateUser (req, res, next) {
11781179 const regUpdateResult = await userRegRepo . updateByUUID ( userReg . UUID , registryUserUpdatePayload , { session } )
11791180 if ( ! regUpdateResult || regUpdateResult . modifiedCount === 0 ) {
11801181 if ( regUpdateResult && regUpdateResult . matchedCount === 0 ) {
1181- await session . abortTransaction ( ) ; await session . endSession ( )
1182+ await session . abortTransaction ( )
11821183 return res . status ( 404 ) . json ( error . userDne ( userReg . user_id ) )
11831184 }
11841185 } else {
@@ -1286,7 +1287,7 @@ async function resetSecret (req, res, next) {
12861287
12871288 if ( ! targetOrgUUID ) {
12881289 logger . info ( { uuid : req . ctx . uuid , message : 'User DNE' } )
1289- await session . abortTransaction ( ) ; await session . endSession ( )
1290+ await session . abortTransaction ( )
12901291 return res . status ( 404 ) . json ( error . orgDnePathParam ( orgShortName ) )
12911292 }
12921293
@@ -1295,16 +1296,19 @@ async function resetSecret (req, res, next) {
12951296 // check if orgUUID and orgRegUUID are the same
12961297 if ( orgUUID . toString ( ) !== orgRegUUID . toString ( ) ) {
12971298 logger . info ( { uuid : req . ctx . uuid , message : 'The organization UUID and the organization registry UUID are not the same.' } )
1299+ await session . abortTransaction ( )
12981300 return res . status ( 500 ) . json ( error . internalServerError ( ) )
12991301 }
13001302
13011303 if ( ! orgUUID && ! orgRegUUID ) {
13021304 logger . info ( { uuid : req . ctx . uuid , message : orgShortName + ' organization does not exist.' } )
1305+ await session . abortTransaction ( )
13031306 return res . status ( 404 ) . json ( error . orgDnePathParam ( orgShortName ) )
13041307 }
13051308
13061309 if ( orgShortName !== requesterShortName && ! isSecretariat ) {
13071310 logger . info ( { uuid : req . ctx . uuid , message : orgShortName + ' organization can only be viewed by the users of the same organization or the Secretariat.' } )
1311+ await session . abortTransaction ( )
13081312 return res . status ( 403 ) . json ( error . notSameOrgOrSecretariat ( ) )
13091313 }
13101314
@@ -1313,6 +1317,7 @@ async function resetSecret (req, res, next) {
13131317
13141318 if ( ! oldUser && ! oldUserRegistry ) {
13151319 logger . info ( { uuid : req . ctx . uuid , message : username + ' user does not exist.' } )
1320+ await session . abortTransaction ( )
13161321 return res . status ( 404 ) . json ( error . userDne ( username ) )
13171322 }
13181323
@@ -1324,7 +1329,7 @@ async function resetSecret (req, res, next) {
13241329 if ( targetUserUUID !== requesterUUID ) {
13251330 if ( ! targetUserUUID ) {
13261331 logger . info ( { uuid : req . ctx . uuid , message : 'User DNE' } )
1327- await session . abortTransaction ( ) ; await session . endSession ( )
1332+ await session . abortTransaction ( )
13281333 return res . status ( 404 ) . json ( error . userDne ( username ) )
13291334 }
13301335 }
@@ -1335,6 +1340,7 @@ async function resetSecret (req, res, next) {
13351340 // check if the requester is not and admin; if admin, the requester must be from the same org as the user
13361341 if ( ! isAdmin || ( isAdmin && orgShortName !== requesterShortName ) ) {
13371342 logger . info ( { uuid : req . ctx . uuid , message : 'The api secret can only be reset by the Secretariat, an Org admin or if the requester is the user.' } )
1343+ await session . abortTransaction ( )
13381344 return res . status ( 403 ) . json ( error . notSameUserOrSecretariat ( ) )
13391345 }
13401346 }
@@ -1348,14 +1354,15 @@ async function resetSecret (req, res, next) {
13481354
13491355 if ( user . matchedCount === 0 || userReg . matchedCount === 0 ) {
13501356 logger . info ( { uuid : req . ctx . uuid , message : 'The user could not be updated because ' + username + ' does not exist for ' + orgShortName + ' organization.' } )
1357+ await session . abortTransaction ( )
13511358 return res . status ( 404 ) . json ( error . userDne ( username ) )
13521359 }
13531360 await session . commitTransaction ( )
13541361 } catch ( error ) {
13551362 await session . abortTransaction ( )
13561363 throw error
13571364 } finally {
1358- session . endSession ( )
1365+ await session . endSession ( )
13591366 }
13601367
13611368 logger . info ( { uuid : req . ctx . uuid , message : `The API secret was successfully reset and sent to ${ username } } )
0 commit comments