Added validator for query params

Author: Satyam005

controllers/auth.js

@@ -2,12 +2,7 @@ const passport = require("passport");
 const users = require("../models/users");
 const QrCodeAuthModel = require("../models/qrCodeAuth");
 const authService = require("../services/authService");
-const {
-  SOMETHING_WENT_WRONG,
-  DATA_ADDED_SUCCESSFULLY,
-  BAD_REQUEST,
-  INVALID_QUERY_PARAM,
-} = require("../constants/errorMessages");
+const { SOMETHING_WENT_WRONG, DATA_ADDED_SUCCESSFULLY, BAD_REQUEST } = require("../constants/errorMessages");
 
 /**
  * Fetches the user info from GitHub and authenticates User
@@ -129,20 +124,15 @@ const updateAuthStatus = async (req, res) => {
 
 const fetchUserDeviceInfo = async (req, res) => {
   try {
-    const queryParamArray = Object.keys(req.query);
-    if (queryParamArray.length === 1 && queryParamArray[0] === "device_id") {
-      const deviceId = req.query.device_id;
-      const userDeviceInfoData = await QrCodeAuthModel.retrieveUserDeviceInfo(deviceId);
-      if (!userDeviceInfoData.userExists) {
-        return res.boom.notFound("No Authentication found!");
-      }
-      return res.json({
-        message: "Authentication document retrieved successfully.",
-        data: { ...userDeviceInfoData.data },
-      });
-    } else {
-      return res.boom.badRequest(INVALID_QUERY_PARAM);
+    const deviceId = req.query.device_id;
+    const userDeviceInfoData = await QrCodeAuthModel.retrieveUserDeviceInfo(deviceId);
+    if (!userDeviceInfoData.userExists) {
+      return res.boom.notFound(`User with id ${deviceId} does not exist.`);
     }
+    return res.json({
+      message: "Authentication document retrieved successfully.",
+      data: { ...userDeviceInfoData.data },
+    });
   } catch (error) {
     logger.error(`Error while fetching user: ${error}`);
     return res.boom.badImplementation(SOMETHING_WENT_WRONG);

middlewares/validators/qrCodeAuth.js

@@ -32,7 +32,22 @@ const validateAuthStatus = async (req, res, next) => {
   }
 };
 
+const validateFetchingUserDocument = async (req, res, next) => {
+  const schema = joi.object().strict().keys({
+    device_id: joi.string().required(),
+  });
+
+  try {
+    await schema.validateAsync(req.query);
+    next();
+  } catch (error) {
+    logger.error(`Invalid Query Parameters Passed`);
+    res.boom.badRequest(`Invalid Query Parameters Passed`);
+  }
+};
+
 module.exports = {
   storeUserDeviceInfo,
   validateAuthStatus,
+  validateFetchingUserDocument,
 };

routes/auth.js

@@ -12,7 +12,7 @@ router.get("/github/callback", auth.githubAuth);
 
 router.get("/signout", auth.signout);
 
-router.get("/qr-code-auth", auth.fetchUserDeviceInfo);
+router.get("/qr-code-auth", userDeviceInfoValidator.validateFetchingUserDocument, auth.fetchUserDeviceInfo);
 
 router.post("/qr-code-auth", userDeviceInfoValidator.storeUserDeviceInfo, auth.storeUserDeviceInfo);
 

test/integration/qrCodeAuth.test.js

@@ -166,7 +166,12 @@ describe("QrCodeAuth", function () {
     let userDeviceInfoData;
     beforeEach(async function () {
       userId = await addUser(user);
-      userDeviceInfoData = { ...userDeviceInfoDataArray[0], user_id: userId, authorization_status: "NOT_INIT" };
+      userDeviceInfoData = {
+        ...userDeviceInfoDataArray[0],
+        user_id: userId,
+        authorization_status: "NOT_INIT",
+        access_token: "ACCESS_TOKEN",
+      };
     });
     afterEach(async function () {
       await cleanDb();
@@ -183,6 +188,11 @@ describe("QrCodeAuth", function () {
           }
           expect(res).to.have.status(200);
           expect(res.body).to.be.a("object");
+          expect(res.body.data.user_id).to.be.a("string");
+          expect(res.body.data.device_info).to.be.a("string");
+          expect(res.body.data.device_id).to.be.a("string");
+          expect(res.body.data.authorization_status).to.be.a("string");
+          expect(res.body.data.access_token).to.be.a("string");
           expect(res.body.message).to.equal(`Authentication document retrieved successfully.`);
 
           return done();
@@ -200,7 +210,7 @@ describe("QrCodeAuth", function () {
 
           expect(res).to.have.status(404);
           expect(res.body).to.be.a("object");
-          expect(res.body.message).to.equal("No Authentication found!");
+          expect(res.body.message).to.equal(`User with id ${userDeviceInfoData.device_id} does not exist.`);
           expect(res.body.error).to.equal("Not Found");
 
           return done();

test/unit/models/qrCodeAuth.test.js

@@ -88,17 +88,18 @@ describe("mobile auth", function () {
         ...userDeviceInfoDataArray[0],
         user_id: userId,
         authorization_status: "NOT_INIT",
+        access_token: "ACCESS_TOKEN",
       };
 
       await qrCodeAuth.storeUserDeviceInfo(userDeviceInfoData);
       const response = await qrCodeAuth.retrieveUserDeviceInfo(userDeviceInfoData.device_id);
-
       const userDeviceInfo = response.data;
       const {
         user_id: userID,
         device_info: deviceInfo,
         device_id: deviceId,
         authorization_status: authorizationStatus,
+        access_token: accessToken,
       } = userDeviceInfo;
 
       const data = (await qrCodeAuthModel.doc(userId).get()).data();
@@ -112,6 +113,7 @@ describe("mobile auth", function () {
       expect(deviceInfo).to.be.a("string");
       expect(deviceId).to.be.a("string");
       expect(authorizationStatus).to.be.a("string");
+      expect(accessToken).to.be.a("string");
     });
   });
 });