fix: all API body parameter must be in lowercase

Author: prafull-opensignlabs

apps/OpenSignServer/cloud/customRoute/v1/routes/createContact.js

@@ -2,9 +2,9 @@ import axios from 'axios';
 export default async function createContact(request, response) {
   const serverUrl = process.env.SERVER_URL;
   const appId = process.env.APP_ID;
-  const name = request.body.Name;
-  const phone = request.body.Phone;
-  const email = request.body.Email;
+  const name = request.body.name;
+  const phone = request.body.phone;
+  const email = request.body.email;
   const reqToken = request.headers['x-api-token'];
   if (!reqToken) {
     return response.status(400).json({ error: 'Please Provide API Token' });
@@ -16,127 +16,143 @@ export default async function createContact(request, response) {
     // Valid Token then proceed request
     const userPtr = token.get('userId');
     try {
-      const Tenant = new Parse.Query('partners_Tenant');
-      Tenant.equalTo('UserId', userPtr);
-      const tenantRes = await Tenant.first({ useMasterKey: true });
+      const contactbook = new Parse.Query('contracts_Contactbook');
+      contactbook.equalTo('Email', email);
+      contactbook.equalTo('CreatedBy', userPtr);
 
-      const contactQuery = new Parse.Object('contracts_Contactbook');
-      contactQuery.set('Name', name);
-      contactQuery.set('Phone', phone);
-      contactQuery.set('Email', email);
-      contactQuery.set('UserRole', 'contracts_Guest');
-      if (tenantRes && tenantRes.id) {
-        contactQuery.set('TenantId', {
-          __type: 'Pointer',
-          className: 'partners_Tenant',
-          objectId: tenantRes.id,
-        });
-      }
-      try {
-        const _users = Parse.Object.extend('User');
-        const _user = new _users();
-        _user.set('name', name);
-        _user.set('username', email);
-        _user.set('email', email);
-        _user.set('phone', phone);
-        _user.set('password', phone);
+      const userExists = await contactbook.first({ useMasterKey: true });
 
-        const user = await _user.save();
-        if (user) {
-          const roleurl = `${serverUrl}/functions/AddUserToRole`;
-          const headers = {
-            'Content-Type': 'application/json',
-            'X-Parse-Application-Id': appId,
-            // sessionToken: localStorage.getItem('accesstoken'),
-          };
-          const body = {
-            appName: 'contracts',
-            roleName: 'contracts_Guest',
-            userId: user.id,
-          };
-          await axios.post(roleurl, body, { headers: headers });
-          const currentUser = userPtr;
-          contactQuery.set('CreatedBy', currentUser);
-          contactQuery.set('UserId', user);
+      if (userExists) {
+        return response
+          .status(401)
+          .json({ error: 'Contact already exists!', objectId: userExists.id });
+      } else {
+        try {
+          const Tenant = new Parse.Query('partners_Tenant');
+          Tenant.equalTo('UserId', userPtr);
+          const tenantRes = await Tenant.first({ useMasterKey: true });
 
-          const acl = new Parse.ACL();
-          acl.setReadAccess(userPtr.id, true);
-          acl.setWriteAccess(userPtr.id, true);
-          acl.setReadAccess(user.id, true);
-          acl.setWriteAccess(user.id, true);
-          contactQuery.setACL(acl);
+          const contactQuery = new Parse.Object('contracts_Contactbook');
+          contactQuery.set('Name', name);
+          contactQuery.set('Phone', phone);
+          contactQuery.set('Email', email);
+          contactQuery.set('UserRole', 'contracts_Guest');
+          if (tenantRes && tenantRes.id) {
+            contactQuery.set('TenantId', {
+              __type: 'Pointer',
+              className: 'partners_Tenant',
+              objectId: tenantRes.id,
+            });
+          }
+          try {
+            const _users = Parse.Object.extend('User');
+            const _user = new _users();
+            _user.set('name', name);
+            _user.set('username', email);
+            _user.set('email', email);
+            _user.set('phone', phone);
+            _user.set('password', phone);
 
-          const contactRes = await contactQuery.save();
-          const parseRes = JSON.parse(JSON.stringify(contactRes));
-          return response.json({
-            objectId: parseRes.objectId,
-            Name: parseRes.Name,
-            Email: parseRes.Email,
-            Phone: parseRes.Phone,
-            createdAt: parseRes.createdAt,
-            updatedAt: parseRes.updatedAt,
-          });
-        }
-      } catch (err) {
-        console.log('err in', err);
-        if (err.code === 202) {
-          const params = { email: email };
-          const userRes = await Parse.Cloud.run('getUserId', params);
-          const roleurl = `${serverUrl}/functions/AddUserToRole`;
-          const headers = {
-            'Content-Type': 'application/json',
-            'X-Parse-Application-Id': appId,
-            // sessionToken: localStorage.getItem('accesstoken'),
-          };
-          const body = {
-            appName: 'contracts',
-            roleName: 'contracts_Guest',
-            userId: userRes.id,
-          };
-          await axios.post(roleurl, body, { headers: headers });
-          contactQuery.set('CreatedBy', userPtr);
-          contactQuery.set('UserId', {
-            __type: 'Pointer',
-            className: '_User',
-            objectId: userRes.id,
-          });
-          const acl = new Parse.ACL();
-          acl.setReadAccess(userPtr.id, true);
-          acl.setWriteAccess(userPtr.id, true);
-          acl.setReadAccess(userRes.id, true);
-          acl.setWriteAccess(userRes.id, true);
+            const user = await _user.save();
+            if (user) {
+              const roleurl = `${serverUrl}/functions/AddUserToRole`;
+              const headers = {
+                'Content-Type': 'application/json',
+                'X-Parse-Application-Id': appId,
+                // sessionToken: localStorage.getItem('accesstoken'),
+              };
+              const body = {
+                appName: 'contracts',
+                roleName: 'contracts_Guest',
+                userId: user.id,
+              };
+              await axios.post(roleurl, body, { headers: headers });
+              const currentUser = userPtr;
+              contactQuery.set('CreatedBy', currentUser);
+              contactQuery.set('UserId', user);
 
-          contactQuery.setACL(acl);
-          const contactRes = await contactQuery.save();
-          if (contactRes) {
-            const parseRes = JSON.parse(JSON.stringify(contactRes));
-            return response.json({
-              objectId: parseRes.objectId,
-              Name: parseRes.Name,
-              Email: parseRes.Email,
-              Phone: parseRes.Phone,
-              createdAt: parseRes.createdAt,
-              updatedAt: parseRes.updatedAt,
-            });
+              const acl = new Parse.ACL();
+              acl.setReadAccess(userPtr.id, true);
+              acl.setWriteAccess(userPtr.id, true);
+              acl.setReadAccess(user.id, true);
+              acl.setWriteAccess(user.id, true);
+              contactQuery.setACL(acl);
+
+              const contactRes = await contactQuery.save();
+              const parseRes = JSON.parse(JSON.stringify(contactRes));
+              return response.json({
+                objectId: parseRes.objectId,
+                Name: parseRes.Name,
+                Email: parseRes.Email,
+                Phone: parseRes.Phone,
+                createdAt: parseRes.createdAt,
+                updatedAt: parseRes.updatedAt,
+              });
+            }
+          } catch (err) {
+            console.log('err in', err);
+            if (err.code === 202) {
+              const params = { email: email };
+              const userRes = await Parse.Cloud.run('getUserId', params);
+              const roleurl = `${serverUrl}/functions/AddUserToRole`;
+              const headers = {
+                'Content-Type': 'application/json',
+                'X-Parse-Application-Id': appId,
+                // sessionToken: localStorage.getItem('accesstoken'),
+              };
+              const body = {
+                appName: 'contracts',
+                roleName: 'contracts_Guest',
+                userId: userRes.id,
+              };
+              await axios.post(roleurl, body, { headers: headers });
+              contactQuery.set('CreatedBy', userPtr);
+              contactQuery.set('UserId', {
+                __type: 'Pointer',
+                className: '_User',
+                objectId: userRes.id,
+              });
+              const acl = new Parse.ACL();
+              acl.setReadAccess(userPtr.id, true);
+              acl.setWriteAccess(userPtr.id, true);
+              acl.setReadAccess(userRes.id, true);
+              acl.setWriteAccess(userRes.id, true);
+
+              contactQuery.setACL(acl);
+              const contactRes = await contactQuery.save();
+              if (contactRes) {
+                const parseRes = JSON.parse(JSON.stringify(contactRes));
+                return response.json({
+                  objectId: parseRes.objectId,
+                  Name: parseRes.Name,
+                  Email: parseRes.Email,
+                  Phone: parseRes.Phone,
+                  createdAt: parseRes.createdAt,
+                  updatedAt: parseRes.updatedAt,
+                });
+              }
+            } else {
+              if (err.code === 137) {
+                return response.status(401).json({ error: 'Contact already exists!' });
+              }
+              return response
+                .status(400)
+                .json({ error: 'Something went wrong, please try again later!' });
+            }
           }
-        } else {
+        } catch (err) {
+          console.log('err ', err);
           if (err.code === 137) {
             return response.status(401).json({ error: 'Contact already exists!' });
+          } else {
+            return response
+              .status(400)
+              .json({ error: 'Something went wrong, please try again later!' });
           }
-          return response
-            .status(400)
-            .json({ error: 'Something went wrong, please try again later!' });
         }
       }
     } catch (err) {
-      console.log('err ', err);
-      if (err.code === 137) {
-        return response.status(401).json({ error: 'Contact already exists!' });
-      } else {
-        return response
-          .status(400)
-          .json({ error: 'Something went wrong, please try again later!' });
-      }
+      return response.status(400).json({ error: 'Something went wrong, please try again later!' });
     }
   } else {
     return response.status(405).json({ error: 'Invalid API Token!' });

apps/OpenSignServer/cloud/customRoute/v1/routes/getWebhook.js

@@ -1,5 +1,4 @@
 export default async function getWebhook(request, response) {
-  const Url = request.body.Url;
   const reqToken = request.headers['x-api-token'];
   if (!reqToken) {
     return response.status(400).json({ error: 'Please Provide API Token' });

apps/OpenSignServer/cloud/customRoute/v1/routes/saveWebhook.js

@@ -1,5 +1,5 @@
 export default async function saveWebhook(request, response) {
-  const Url = request.body.Url;
+  const Url = request.body.url;
   const reqToken = request.headers['x-api-token'];
   if (!reqToken) {
     return response.status(400).json({ error: 'Please Provide API Token' });

apps/OpenSignServer/cloud/customRoute/v1/routes/updateDocument.js

@@ -8,8 +8,8 @@ export default async function updateDocument(request, response) {
     tokenQuery.equalTo('token', reqToken);
     const token = await tokenQuery.first({ useMasterKey: true });
     if (token !== undefined) {
-      // Valid Token then proceed request      
-      const allowedKeys = ['Name', 'Note', 'Description'];
+      // Valid Token then proceed request
+      const allowedKeys = ['name', 'note', 'description'];
       const objectKeys = Object.keys(request.body);
       const isValid = objectKeys.every(key => allowedKeys.includes(key)) && objectKeys.length > 0;
       if (isValid) {

apps/OpenSignServer/cloud/customRoute/v1/routes/updateTemplate.js

@@ -9,7 +9,7 @@ export default async function updateTemplate(request, response) {
     const token = await tokenQuery.first({ useMasterKey: true });
     if (token !== undefined) {
       // Valid Token then proceed request
-      const allowedKeys = ['Name', 'Note', 'Description'];
+      const allowedKeys = ['name', 'note', 'description'];
       const objectKeys = Object.keys(request.body);
       const isValid = objectKeys.every(key => allowedKeys.includes(key)) && objectKeys.length > 0;
       if (isValid) {

apps/OpenSignServer/cloud/parsefunction/DocumentAftersave.js

@@ -4,20 +4,11 @@ async function DocumentAftersave(request) {
       console.log('new entry is insert in contracts_Document');
       const createdAt = request.object.get('createdAt');
       const Folder = request.object.get('Type');
-      // console.log("createdAt")
-      // console.log(createdAt)
-      // console.log("Folder")
-      // console.log(Folder)
-      // console.log("before If condition")
       if (createdAt && Folder === undefined) {
         // console.log("IN If condition")
         const TimeToCompleteDays = request.object.get('TimeToCompleteDays');
         const ExpiryDate = new Date(createdAt);
-        // console.log("ExpiryDate")
-        // console.log(ExpiryDate)
         ExpiryDate.setDate(ExpiryDate.getDate() + TimeToCompleteDays);
-        // console.log("ExpiryDate date after update")
-        // console.log(ExpiryDate)
         const documentQuery = new Parse.Query('contracts_Document');
         const updateQuery = await documentQuery.get(request.object.id, { useMasterKey: true });
         updateQuery.set('ExpiryDate', ExpiryDate);
@@ -37,8 +28,6 @@ async function DocumentAftersave(request) {
       }
 
       const signers = request.object.get('Signers');
-      // console.log("Signers")
-      // console.log(signers.length)
       // update acl of New Document If There are signers present in array
       if (signers && signers.length > 0) {
         await updateAclDoc(request.object.id);
@@ -48,7 +37,7 @@ async function DocumentAftersave(request) {
         }
       }
     } else {
-      if (request.user) {
+      if (request?.user) {
         const signers = request.object.get('Signers');
         if (signers && signers.length > 0) {
           await updateAclDoc(request.object.id);
@@ -69,6 +58,7 @@ async function DocumentAftersave(request) {
     // console.log(objId)
     const Query = new Parse.Query('contracts_Document');
     Query.include('Signers');
+    Query.include('CreatedBy');
     const updateACL = await Query.get(objId, { useMasterKey: true });
     const res = JSON.parse(JSON.stringify(updateACL));
     // console.log("res");
@@ -91,9 +81,10 @@ async function DocumentAftersave(request) {
     const newACL = new Parse.ACL();
     newACL.setPublicReadAccess(false);
     newACL.setPublicWriteAccess(false);
-    newACL.setReadAccess(request.user, true);
-    newACL.setWriteAccess(request.user, true);
-
+    if (res?.CreatedBy) {
+      newACL.setReadAccess(res?.CreatedBy?.objectId, true);
+      newACL.setWriteAccess(res?.CreatedBy?.objectId, true);
+    }
     UsersPtr.forEach(x => {
       newACL.setReadAccess(x.objectId, true);
       newACL.setWriteAccess(x.objectId, true);
@@ -104,18 +95,20 @@ async function DocumentAftersave(request) {
   }
 
   async function updateSelfDoc(objId) {
-    // console.log("In side updateSelfDoc func")
     // console.log(objId)
     const Query = new Parse.Query('contracts_Document');
+    Query.include('CreatedBy');
     const updateACL = await Query.get(objId, { useMasterKey: true });
     const res = JSON.parse(JSON.stringify(updateACL));
     // console.log("res");
     // console.log(JSON.stringify(res));
     const newACL = new Parse.ACL();
     newACL.setPublicReadAccess(false);
     newACL.setPublicWriteAccess(false);
-    newACL.setReadAccess(request.user, true);
-    newACL.setWriteAccess(request.user, true);
+    if (res?.CreatedBy) {
+      newACL.setReadAccess(res?.CreatedBy?.objectId, true);
+      newACL.setWriteAccess(res?.CreatedBy?.objectId, true);
+    }
     updateACL.setACL(newACL);
     updateACL.save(null, { useMasterKey: true });
   }