Merge branch 'master' into snyk-upgrade-0c25a2832ede9d647c8ebc0765f128cc

Author: stoopidJSON

README.md

@@ -1,4 +1,4 @@
-[![Build Status](https://travis-ci.org/CodeForBaltimore/Bmore-Responsive.svg?branch=master)](https://travis-ci.org/CodeForBaltimore/Bmore-Responsive) [![codecov](https://codecov.io/gh/CodeForBaltimore/Bmore-Responsive/branch/master/graph/badge.svg)](https://codecov.io/gh/CodeForBaltimore/Bmore-Responsive) [![Open Source Love svg1](https://badges.frapsoft.com/os/v1/open-source.svg?v=103)](https://github.com/ellerbrock/open-source-badges/)
+[![Build Status](https://travis-ci.org/CodeForBaltimore/Bmore-Responsive.svg?branch=master)](https://travis-ci.org/CodeForBaltimore/Bmore-Responsive) [![codecov](https://codecov.io/gh/CodeForBaltimore/Bmore-Responsive/branch/master/graph/badge.svg)](https://codecov.io/gh/CodeForBaltimore/Bmore-Responsive) [![Language grade: JavaScript](https://img.shields.io/lgtm/grade/javascript/g/CodeForBaltimore/Bmore-Responsive.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/CodeForBaltimore/Bmore-Responsive/context:javascript) [![Known Vulnerabilities](https://snyk.io/test/github/CodeForBaltimore/Bmore-Responsive/badge.svg)](https://snyk.io/test/github/CodeForBaltimore/Bmore-Responsive)
 
 # Bmore Responsive
 A simple, flexible API to support emergency response coordination.  Sample use cases include:

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "bmore-responsive",
-  "version": "1.3.1",
+  "version": "1.3.2",
   "description": "An API-driven CRM (Civic Relationship Management) system.",
   "main": "src/index.js",
   "directories": {
@@ -33,8 +33,8 @@
   },
   "homepage": "https://github.com/CodeForBaltimore/Bmore-Responsive#readme",
   "dependencies": {
-    "@babel/core": "7.10.2",
-    "@babel/node": "7.10.1",
+    "@babel/core": "7.10.3",
+    "@babel/node": "7.10.3",
     "casbin": "4.7.2",
     "casbin-sequelize-adapter": "2.1.0",
     "chai": "4.2.0",
@@ -56,7 +56,7 @@
     "nunjucks": "^3.2.1",
     "pg": "7.18.2",
     "random-words": "1.1.1",
-    "sequelize": "5.21.12",
+    "sequelize": "5.21.13",
     "snyk": "^1.337.0",
     "supertest": "4.0.2",
     "swagger-ui-express": "4.1.4",

package.json

@@ -3,7 +3,7 @@ publiccodeYmlVersion: "0.2"
 name: Bmore-Responsive
 url: "https://github.com/CodeForBaltimore/Bmore-Responsive.git"
 landingUrl: "https://github.com/CodeForBaltimore/Bmore-Responsive"
-softwareVersion: "1.3.1"   
+softwareVersion: "1.3.2"   
 releaseDate: "2020-04-06"
 platforms:
   - web

publiccode.yml

@@ -25,6 +25,11 @@
         "path": "/entity",
         "method": "GET"
     },
+    {
+        "role": "user",
+        "path": "/entity/*",
+        "method": "GET"
+    },
     {
         "role": "user",
         "path": "/entity",
@@ -40,6 +45,11 @@
         "path": "/contact",
         "method": "GET"
     },
+    {
+        "role": "user",
+        "path": "/contact/*",
+        "method": "GET"
+    },
     {
         "role": "user",
         "path": "/contact",

sequelize/data/user-role.json

@@ -3,40 +3,40 @@ import jwt from 'jsonwebtoken'
 import utils from '../utils'
 
 const user = (sequelize, DataTypes) => {
-	// Defining our user table and setting User object.
-	const User = sequelize.define('User', {
-		id: {
-		  type: DataTypes.UUID,
-		  primaryKey: true,
-		  defaultValue: DataTypes.UUIDV4,
-		  allowNull: false,
-		  autoIncrement: false,
-		},
-		email: {
-			type: DataTypes.STRING,
-			unique: true,
-			required: true
-		},
-		password: {
-			type: DataTypes.STRING,
-			required: true
-		},
-		salt: {
-			type: DataTypes.STRING
-		},
-		displayName: {
-			type: DataTypes.STRING
-		},
-		phone: {
-			type: DataTypes.STRING
-		},
-        attributes: {
-            type: DataTypes.JSON,
-        }
-	},
-	{
-		schema: process.env.DATABASE_SCHEMA
-	})
+  // Defining our user table and setting User object.
+  const User = sequelize.define('User', {
+    id: {
+      type: DataTypes.UUID,
+      primaryKey: true,
+      defaultValue: DataTypes.UUIDV4,
+      allowNull: false,
+      autoIncrement: false,
+    },
+    email: {
+      type: DataTypes.STRING,
+      unique: true,
+      required: true
+    },
+    password: {
+      type: DataTypes.STRING,
+      required: true
+    },
+    salt: {
+      type: DataTypes.STRING
+    },
+    displayName: {
+      type: DataTypes.STRING
+    },
+    phone: {
+      type: DataTypes.STRING
+    },
+    attributes: {
+      type: DataTypes.JSON,
+    }
+  },
+    {
+      schema: process.env.DATABASE_SCHEMA
+    })
 
 	/**
 	 * Looks up and validates a user by email and password.
@@ -46,40 +46,44 @@ const user = (sequelize, DataTypes) => {
 	 *
 	 * @return {String} returns either the valid login token or an error message.
 	 */
-	User.findByLogin = async (email, password) => {
-		const user = await User.findOne({
-			where: {email}
-		})
-		if (user) {
-			const pw = User.encryptPassword(password, user.salt)
-			if (pw === user.password) {
-				return await User.getToken(user.id, user.email)
-			}
-		}
-	}
-
-	User.decodeToken = async token => {
-		return jwt.verify(token, process.env.JWT_KEY)
-	}
-
-	/** @todo deprecate this */
-	User.getToken = async (userId, email, expiresIn = '1d') => {
-		const token = jwt.sign(
-			{userId, email, type: 'user'},
-			process.env.JWT_KEY,
-			{expiresIn}
-		)
-		return token
-	}
+  User.findByLogin = async (email, password) => {
+    const user = await User.findOne({
+      where: { email }
+    })
+    if (user) {
+      const pw = User.encryptPassword(password, user.salt)
+      if (pw === user.password) {
+
+        const e = await utils.loadCasbin()
+        const roles = await e.getRolesForUser(user.email)
+
+        return await User.getToken(user.id, user.email, roles[0])
+      }
+    }
+  }
+
+  User.decodeToken = async token => {
+    return jwt.verify(token, process.env.JWT_KEY)
+  }
+
+  /** @todo deprecate this */
+  User.getToken = async (userId, email, type, expiresIn = '1d') => {
+    const token = jwt.sign(
+      { userId, email, type },
+      process.env.JWT_KEY,
+      { expiresIn }
+    )
+    return token
+  }
 
 	/**
 	 * Generates a random salt for password security.
 	 *
 	 * @return {String} The password salt.
 	 */
-	User.generateSalt = () => {
-		return crypto.randomBytes(16).toString('base64')
-	}
+  User.generateSalt = () => {
+    return crypto.randomBytes(16).toString('base64')
+  }
 
 	/**
 	 * Salts and hashes a password.
@@ -89,45 +93,45 @@ const user = (sequelize, DataTypes) => {
 	 *
 	 * @return {String} The secured password.
 	 */
-	User.encryptPassword = (plainText, salt) => {
-		return crypto
-			.createHash('RSA-SHA256')
-			.update(plainText)
-			.update(salt)
-			.digest('hex')
-	}
-
-	// Setters
-	const setSaltAndPassword = user => {
-		if (user.changed('password')) {
-			user.salt = User.generateSalt()
-			// User.password = User.encryptPassword(user.password, user.salt)
-			user.password = utils.encryptPassword(user.password, user.salt)
-		}
-	}
-
-	// Other Helpers
-	// const validateContactInfo = user => {
-	// 	let valid = true
-
-	// 	if (!validator.isEmail(validator.normalizeEmail(user.email))) {
-	// 		valid = false
-	// 	}
-
-	// 	/** @todo Add more validations for all contact info. */
-
-	// 	return valid
-	// }
-
-	// Create prep actions
-	// User.beforeCreate(validateContactInfo)
-	User.beforeCreate(setSaltAndPassword)
-
-	// Update prep actions
-	// User.beforeUpdate(validateContactInfo)
-	User.beforeUpdate(setSaltAndPassword)
-
-	return User
+  User.encryptPassword = (plainText, salt) => {
+    return crypto
+      .createHash('RSA-SHA256')
+      .update(plainText)
+      .update(salt)
+      .digest('hex')
+  }
+
+  // Setters
+  const setSaltAndPassword = user => {
+    if (user.changed('password')) {
+      user.salt = User.generateSalt()
+      // User.password = User.encryptPassword(user.password, user.salt)
+      user.password = utils.encryptPassword(user.password, user.salt)
+    }
+  }
+
+  // Other Helpers
+  // const validateContactInfo = user => {
+  // 	let valid = true
+
+  // 	if (!validator.isEmail(validator.normalizeEmail(user.email))) {
+  // 		valid = false
+  // 	}
+
+  // 	/** @todo Add more validations for all contact info. */
+
+  // 	return valid
+  // }
+
+  // Create prep actions
+  // User.beforeCreate(validateContactInfo)
+  User.beforeCreate(setSaltAndPassword)
+
+  // Update prep actions
+  // User.beforeUpdate(validateContactInfo)
+  User.beforeUpdate(setSaltAndPassword)
+
+  return User
 }
 
 export default user

src/models/user.js

@@ -119,7 +119,7 @@ router.put('/', async (req, res) => {
   const response = new utils.Response()
 	try {
 		if (validator.isUUID(req.body.id)) {
-			let { id, name, type, address, phone, email, checkIn, contacts } = req.body
+			let { id, name, type, address, phone, email, checkIn, contacts, attributes } = req.body
 
 			/** @todo validate emails */
 			// Validating emails 
@@ -140,7 +140,8 @@ router.put('/', async (req, res) => {
 			entity.type = (type) ? type : entity.type
 			entity.address = (address) ? address : entity.address
 			entity.phone = (phone) ? phone : entity.phone
-			entity.email = (email) ? email : entity.email
+      entity.email = (email) ? email : entity.email
+      entity.attributes = (attributes) ? attributes : entity.attributes
 			/** @todo validate checkIn JSON */
 			if (entity.checkIn === null && checkIn) {
 				const checkIns = {

src/routes/entity.js

@@ -5,7 +5,7 @@ import utils from '../utils'
 import email from '../email'
 
 const router = new Router()
-const max = (process.env.NODE_ENV !== 'production') ? 50000 : 5
+const max = (process.env.NODE_ENV !== 'production') ? 50000 : 50
 const loginLimiter = rateLimit({
 	windowMs: 60 * 60 * 1000,
 	max,

src/routes/user.js

@@ -9,7 +9,10 @@ const { expect } = chai
 const entity = {
   name: randomWords(),
   type: 'Test',
-  contacts: []
+  contacts: [],
+  attributes: {
+    notes: 'test'
+  }
 }
 const contact = {
   name: randomWords(),