diff --git a/constants/userDataLevels.js b/constants/userDataLevels.js deleted file mode 100644 index a907e265a..000000000 --- a/constants/userDataLevels.js +++ /dev/null @@ -1,21 +0,0 @@ -const ACCESS_LEVEL = { - PUBLIC: "public", - INTERNAL: "internal", - PRIVATE: "private", - CONFIDENTIAL: "confidential", -}; - -const ROLE_LEVEL = { - private: ["super_user"], - internal: ["super_user"], - confidential: ["super_user"], -}; - -const KEYS_NOT_ALLOWED = { - public: ["email", "phone", "chaincode"], - internal: ["phone", "chaincode"], - private: ["chaincode"], - confidential: [], -}; - -module.exports = { ACCESS_LEVEL, KEYS_NOT_ALLOWED, ROLE_LEVEL }; diff --git a/constants/users.js b/constants/users.js index f96dbd19e..571fcfb92 100644 --- a/constants/users.js +++ b/constants/users.js @@ -4,6 +4,8 @@ const profileStatus = { NOT_APPROVED: "NOT APPROVED", }; +const USER_SENSITIVE_DATA = ["phone", "email", "chaincode", "tokens"]; + const USER_STATUS = { OOO: "ooo", IDLE: "idle", @@ -47,4 +49,5 @@ module.exports = { USERS_PATCH_HANDLER_ACTIONS, USERS_PATCH_HANDLER_ERROR_MESSAGES, USERS_PATCH_HANDLER_SUCCESS_MESSAGES, + USER_SENSITIVE_DATA, }; diff --git a/controllers/discordactions.js b/controllers/discordactions.js index f91da7504..a24bf665b 100644 --- a/controllers/discordactions.js +++ b/controllers/discordactions.js @@ -3,7 +3,6 @@ const admin = require("firebase-admin"); const config = require("config"); const jwt = require("jsonwebtoken"); const discordRolesModel = require("../models/discordactions"); -const { retrieveUsers } = require("../services/dataAccessLayer"); /** * Creates a role 
@@ -67,25 +66,9 @@ const createGroupRole = async (req, res) => { const getAllGroupRoles = async (req, res) => { try { const { groups } = await discordRolesModel.getAllGroupRoles(); - const groupsWithMemberCount = await discordRolesModel.getNumberOfMemberForGroups(groups); - const groupCreatorIds = groupsWithMemberCount.reduce((ids, group) => { - ids.add(group.createdBy); - return ids; - }, new Set()); - const groupCreatorsDetails = await retrieveUsers({ userIds: Array.from(groupCreatorIds) }); - const groupsWithUserDetails = groupsWithMemberCount.map((group) => { - const groupCreator = groupCreatorsDetails[group.createdBy]; - return { - ...group, - firstName: groupCreator.first_name, - lastName: groupCreator.last_name, - image: groupCreator.picture?.url, - }; - }); - return res.json({ message: "Roles fetched successfully!", - groups: groupsWithUserDetails, + groups, }); } catch (err) { logger.error(`Error while getting roles: ${err}`); diff --git a/controllers/events.js b/controllers/events.js index 1429d65d7..b0b77bbdc 100644 --- a/controllers/events.js +++ b/controllers/events.js @@ -1,11 +1,9 @@ +/* eslint-disable camelcase */ const { GET_ALL_EVENTS_LIMIT_MIN, UNWANTED_PROPERTIES_FROM_100MS } = require("../constants/events"); -const { INTERNAL_SERVER_ERROR } = require("../constants/errorMessages"); - const { EventTokenService, EventAPIService } = require("../services"); +const { removeUnwantedProperties } = require("../utils/events"); const eventQuery = require("../models/events"); - const logger = require("../utils/logger"); -const { removeUnwantedProperties } = require("../utils/events"); const tokenService = new EventTokenService(); const apiService = new EventAPIService(tokenService); @@ -102,7 +100,7 @@ const joinEvent = async (req, res) => { }); } catch (error) { logger.error({ error }); - return res.boom.badImplementation(INTERNAL_SERVER_ERROR); + return res.status(500).send("Internal Server Error"); } }; 
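Review bot: The `/* eslint-disable camelcase */` added as the first line of controllers/events.js switches the rule off for the whole file, yet none of the visible hunks introduces a snake_case identifier. If a single call needs the exemption, scope it with `// eslint-disable-next-line camelcase` at that line so the rest of this controller is still checked.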
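Review bot: joinEvent's catch block now answers with `res.status(500).send("Internal Server Error")`, a plain-text body, while the other controllers touched in this commit keep the `res.boom.badImplementation(...)` envelope. A client that parses the error response would get a different shape from this one endpoint. Keep the helper and the shared constant, `return res.boom.badImplementation(INTERNAL_SERVER_ERROR);`, which also means keeping the `INTERNAL_SERVER_ERROR` import that the first hunk of this file removes. joinEvent starts outside the hunk.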
@@ -195,70 +193,6 @@ const endActiveEvent = async (req, res) => { } }; -/** - * Adds a peer to an event. - * - * @async - * @function - * @param {Object} req - The Express request object. - * @param {Object} res - The Express response object. - * @returns {Promise} The JSON response with the added peer data and a success message. - * @throws {Object} The JSON response with an error message if an error occurred while adding the peer. - */ -const addPeerToEvent = async (req, res) => { - try { - const data = await eventQuery.addPeerToEvent({ - peerId: req.body.peerId, - name: req.body.name, - role: req.body.role, - joinedAt: req.body.joinedAt, - eventId: req.params.id, - }); - return res.status(200).json({ - data, - message: `Selected Participant is added to the event.`, - }); - } catch (error) { - logger.error({ error }); - return res.status(500).json({ - error: error.code, - message: "You can't add selected Participant. Please ask Admin or Host for help.", - }); - } -}; - -/** - * Kicks out a peer from an event. - * - * @async - * @function - * @param {Object} req - The Express request object. - * @param {Object} res - The Express response object. - * @returns {Promise} The JSON response with a success message if the peer is successfully kicked out. - * @throws {Object} The JSON response with an error message if an error occurred while kicking out the peer. 
- */ -const kickoutPeer = async (req, res) => { - const { id } = req.params; - const payload = { - peer_id: req.body.peerId, - reason: req.body.reason, - }; - - try { - await apiService.post(`/active-rooms/${id}/remove-peers`, payload); - await eventQuery.kickoutPeer({ eventId: id, peerId: payload.peer_id, reason: req.body.reason }); - return res.status(200).json({ - message: `Selected Participant is removed from event.`, - }); - } catch (error) { - logger.error({ error }); - return res.status(500).json({ - error: error.code, - message: "You can't remove selected Participant from Remove, Please ask Admin or Host for help.", - }); - } -}; - module.exports = { createEvent, getAllEvents, @@ -266,6 +200,4 @@ module.exports = { getEventById, updateEvent, endActiveEvent, - addPeerToEvent, - kickoutPeer, }; diff --git a/controllers/members.js b/controllers/members.js index 1ece7d3bc..4d141ccac 100644 --- a/controllers/members.js +++ b/controllers/members.js @@ -1,7 +1,7 @@ const ROLES = require("../constants/roles"); const members = require("../models/members"); const tasks = require("../models/tasks"); -const { SOMETHING_WENT_WRONG, INTERNAL_SERVER_ERROR } = require("../constants/errorMessages"); +const { SOMETHING_WENT_WRONG } = require("../constants/errorMessages"); const dataAccess = require("../services/dataAccessLayer"); const { addLog } = require("../models/logs"); /** @@ -110,7 +110,7 @@ const archiveMembers = async (req, res) => { return res.boom.notFound("User doesn't exist"); } catch (err) { logger.error(`Error while retriving contributions ${err}`); - return res.boom.badImplementation(INTERNAL_SERVER_ERROR); + return res.boom.badImplementation(SOMETHING_WENT_WRONG); } }; diff --git a/controllers/users.js b/controllers/users.js index a22f8748c..6ba591686 100644 --- a/controllers/users.js +++ b/controllers/users.js 
@@ -106,10 +106,9 @@ const getUsers = async (req, res) => { } const data = await dataAccess.retrieveUsers({ query: req.query }); - return res.json({ message: "Users returned successfully!", - users: data.users, + users: data.allUsers, links: { next: data.nextId ? getPaginationLink(req.query, "next", data.nextId) : "", prev: data.prevId ? getPaginationLink(req.query, "prev", data.prevId) : "", @@ -211,9 +210,10 @@ const getUsernameAvailabilty = async (req, res) => { const getSelfDetails = async (req, res) => { try { if (req.userData) { - const user = await dataAccess.retrieveUsers({ - userdata: req.userData, - }); + if (req.query.private) { + return res.send(req.userData); + } + const user = await dataAccess.retrieveUsers({ userdata: req.userData }); return res.send(user); } return res.boom.notFound("User doesn't exist"); @@ -412,7 +412,6 @@ const updateUser = async (req, res) => { const generateChaincode = async (req, res) => { try { const { id } = req.userData; - const chaincode = await chaincodeQuery.storeChaincode(id); await userQuery.addOrUpdate({ chaincode }, id); return res.json({ diff --git a/middlewares/authenticate.js b/middlewares/authenticate.js index 667d41b32..d72b2c71f 100644 --- a/middlewares/authenticate.js +++ b/middlewares/authenticate.js @@ -1,5 +1,5 @@ const authService = require("../services/authService"); -const dataAccess = require("../services/dataAccessLayer"); +const users = require("../models/users"); /** * Middleware to check if the user has been restricted. If user is restricted, @@ -54,7 +54,7 @@ module.exports = async (req, res, next) => { const { userId } = authService.verifyAuthToken(token); // add user data to `req.userData` for further use - const userData = await dataAccess.retrieveUsers({ id: userId }); + const userData = await users.fetchUser({ userId }); req.userData = userData.user; return checkRestricted(req, res, next); 
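Review bot: In getSelfDetails, the new `if (req.query.private)` branch sends `req.userData` as it stands, so the response carries every stored field, including the `chaincode` and `tokens` that this commit lists in USER_SENSITIVE_DATA. The test added for this path expects only `phone` and `email`, so the branch looks broader than intended; drop the credentials before sending, e.g. `const { tokens, chaincode, ...self } = req.userData; return res.send(self);`. The condition is also plain truthiness on a query string, so `?private=false` takes the private branch as well; compare explicitly with `req.query.private === "true"`. The record reaches this handler through the `users.fetchUser` switch in the middlewares/authenticate.js hunks (`@@ -54,7 +54,7 @@` and `@@ -79,7 +79,8 @@`), which appears to bypass the filtering layer, so any other handler that echoes `req.userData` needs the same care.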
@@ -79,7 +79,8 @@ module.exports = async (req, res, next) => { }); // add user data to `req.userData` for further use - req.userData = await dataAccess.retrieveUsers({ id: userId }); + req.userData = await users.fetchUser({ userId }); + return checkRestricted(req, res, next); } else { return res.boom.unauthorized("Unauthenticated User"); diff --git a/middlewares/validators/events.js b/middlewares/validators/events.js index 10e479fc3..c5196f2c7 100644 --- a/middlewares/validators/events.js +++ b/middlewares/validators/events.js @@ -100,50 +100,6 @@ const endActiveEvent = async (req, res, next) => { } }; -const addPeerToEvent = async (req, res, next) => { - const { id } = req.params; - const { peerId, name, role, joinedAt } = req.body; - - const schema = joi.object({ - peerId: joi.string().required(), - name: joi.string().required(), - id: joi.string().required(), - role: joi.string().required(), - joinedAt: joi.date().required(), - }); - - const validationOptions = { abortEarly: false }; - - try { - await schema.validateAsync({ peerId, name, id, role, joinedAt }, validationOptions); - next(); - } catch (error) { - logger.error(`Error while adding a peer to the event: ${error}`); - res.boom.badRequest(error.details[0].message); - } -}; - -const kickoutPeer = async (req, res, next) => { - const { id } = req.params; - const { peerId, reason } = req.body; - - const schema = joi.object({ - id: joi.string().required(), - peerId: joi.string().required(), - reason: joi.string().required(), - }); - - const validationOptions = { abortEarly: false }; - - try { - await schema.validateAsync({ id, peerId, reason }, validationOptions); - next(); - } catch (error) { - logger.error(`We encountered some error while removing selected Participant from event: ${error}`); - res.boom.badRequest(error.details[0].message); - } -}; - module.exports = { createEvent, getAllEvents, 
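Review bot: The token-refresh path assigns the whole `users.fetchUser({ userId })` result to `req.userData`, while the first path (`@@ -54,7 +54,7 @@`) unwraps it with `userData.user`. If fetchUser returns a wrapper object, as the first path implies, `checkRestricted` and every later handler see a differently shaped `req.userData` after a refresh, and any role or restriction check that reads fields directly off it would not find them. Make the two paths agree: `const userData = await users.fetchUser({ userId }); req.userData = userData.user;`. The enclosing middleware starts and ends outside the hunk.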
@@ -151,6 +107,4 @@ module.exports = { getEventById, updateEvent, endActiveEvent, - addPeerToEvent, - kickoutPeer, }; diff --git a/models/discordactions.js b/models/discordactions.js index c8e30230d..cb93d3336 100644 --- a/models/discordactions.js +++ b/models/discordactions.js @@ -114,41 +114,10 @@ const updateDiscordImageForVerification = async (userDiscordId) => { } }; -const getNumberOfMemberForGroups = async (groups = []) => { - try { - if (!groups.length) { - return []; - } - const roleIds = groups.map((group) => group.roleid); - - const snapshots = await memberRoleModel.where("roleid", "in", roleIds).get(); - const roleCount = {}; - - snapshots.forEach((doc) => { - const roleToMemberMapping = doc.data(); - - if (roleCount[roleToMemberMapping.roleid]) { - roleCount[roleToMemberMapping.roleid] += 1; - } else { - roleCount[roleToMemberMapping.roleid] = 1; - } - }); - - return groups.map((group) => ({ - ...group, - memberCount: roleCount[group.roleid] || 0, - })); - } catch (err) { - logger.error("Error while counting members for each group", err); - throw err; - } -}; - module.exports = { createNewRole, getAllGroupRoles, addGroupRoleToMember, isGroupRoleExists, updateDiscordImageForVerification, - getNumberOfMemberForGroups, }; diff --git a/models/events.js b/models/events.js index 46077ced2..b78f2fbfe 100644 --- a/models/events.js +++ b/models/events.js @@ -1,9 +1,7 @@ -const Firestore = require("@google-cloud/firestore"); const firestore = require("../utils/firestore"); const logger = require("../utils/logger"); const eventModel = firestore.collection("events"); -const peerModel = firestore.collection("peers"); /** * Creates a new event document in Firestore and returns the data for the created document. 
@@ -68,112 +66,8 @@ const endActiveEvent = async ({ id, reason, lock }) => { } }; -/** - * Adds a peer to an event in the Firestore database. - * @async - * @function - * @param {Object} peerData - The data of the peer to be added. - * @param {string} peerData.name - The name of the peer. - * @param {string} peerData.eventId - The unique identifier of the event the peer is being added to. - * @param {string} peerData.role - The role of the peer in the event. - * @param {Date} peerData.joinedAt - The timestamp indicating when the peer joined the event. - * @returns {Promise} The data of the added peer. - * @throws {Error} If an error occurs while adding the peer to the event. - */ - -const addPeerToEvent = async (peerData) => { - try { - const batch = firestore.batch(); - - const peerRef = peerModel.doc(peerData.peerId); - const peerDocSnapshot = await peerRef.get(); - - if (!peerDocSnapshot.exists) { - // If the peer document doesn't exist, create a new one - const peerDocData = { - peerId: peerData.peerId, - name: peerData.name, - joinedEvents: [ - { - event_id: peerData.eventId, - role: peerData.role, - joined_at: peerData.joinedAt, - }, - ], - }; - batch.set(peerRef, peerDocData); - } else { - // If the peer document exists, update the joinedEvents array - batch.update(peerRef, { - joinedEvents: Firestore.FieldValue.arrayUnion({ - event_id: peerData.eventId, - role: peerData.role, - joined_at: peerData.joinedAt, - }), - }); - } - - const eventRef = eventModel.doc(peerData.eventId); - batch.update(eventRef, { - peers: Firestore.FieldValue.arrayUnion(peerRef.id), - }); - - await batch.commit(); - - const updatedPeerSnapshot = await peerRef.get(); - return updatedPeerSnapshot.data(); - } catch (error) { - logger.error("Error in adding peer to the event", error); - throw error; - } -}; - -/** - * Removes a peer from an event and marks them as kicked out in the Firestore database. 
- * @async - * @function - * @param {Object} params - The parameters for kicking out the peer. - * @param {string} params.eventId - The unique identifier of the event from which the peer is being kicked out. - * @param {string} params.peerId - The unique identifier of the peer being kicked out. - * @param {string} params.reason - The reason for kicking out the peer from the event. - * @returns {Promise} The updated data of the kicked-out peer. - * @throws {Error} If the peer is not found or is not part of the specified event. - */ -const kickoutPeer = async ({ eventId, peerId, reason }) => { - try { - const peerRef = peerModel.doc(peerId); - const peerSnapshot = await peerRef.get(); - - if (!peerSnapshot.exists) { - throw new Error("Participant not found"); - } - - const peerData = peerSnapshot.data(); - const joinedEvents = peerData.joinedEvents; - - const eventIndex = joinedEvents.findIndex((event) => event.event_id === eventId); - if (eventIndex === -1) { - throw new Error("Participant is not part of the specified event"); - } - - const updatedJoinedEvents = joinedEvents.map((event, index) => - index === eventIndex ? { ...event, left_at: new Date(), reason: reason, isKickedout: true } : event - ); - - await peerRef.update({ joinedEvents: updatedJoinedEvents }); - - const updatedPeerSnapshot = await peerRef.get(); - return updatedPeerSnapshot.data(); - } catch (error) { - logger.error("Error in removing peer from the event.", error); - throw error; - } -}; - module.exports = { createEvent, updateEvent, endActiveEvent, - addPeerToEvent, - kickoutPeer, }; diff --git a/models/logs.js b/models/logs.js index 8779d0601..80daf676f 100644 --- a/models/logs.js +++ b/models/logs.js 
@@ -3,7 +3,6 @@ const { getBeforeHourTime } = require("../utils/time"); const logsModel = firestore.collection("logs"); const admin = require("firebase-admin"); const { logType } = require("../constants/logs"); -const { INTERNAL_SERVER_ERROR } = require("../constants/errorMessages"); /** * Adds log @@ -23,7 +22,7 @@ const addLog = async (type, meta, body) => { return await logsModel.add(log); } catch (err) { logger.error("Error in adding log", err); - throw new Error(INTERNAL_SERVER_ERROR); + throw err; } }; @@ -43,27 +42,14 @@ const fetchLogs = async (query, param) => { } }); - const { limit, lastDocId, userId } = query; + const { limit, lastDocId } = query; let lastDoc; const limitDocuments = Number(limit); if (lastDocId) { lastDoc = await logsModel.doc(lastDocId).get(); } - if (userId) { - const logsSnapshot = await logsModel - .where("type", "==", param) - .where("body.archived_user.user_id", "==", userId) - .orderBy("timestamp", "desc") - .get(); - const logs = []; - logsSnapshot.forEach((doc) => { - logs.push({ - ...doc.data(), - }); - }); - return logs; - } + const logsSnapshotQuery = call.orderBy("timestamp", "desc").startAfter(lastDoc ?? ""); const snapshot = limit ? await logsSnapshotQuery.limit(limitDocuments).get() @@ -78,7 +64,7 @@ const fetchLogs = async (query, param) => { return logs; } catch (err) { logger.error("Error in adding log", err); - throw new Error(INTERNAL_SERVER_ERROR); + throw err; } }; diff --git a/routes/events.js b/routes/events.js index 5a2b2ce8c..9c5df3116 100644 --- a/routes/events.js +++ b/routes/events.js 
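Review bot: addLog now rethrows the raw datastore error with `throw err;`, and fetchLogs does the same in the `@@ -78,7 +64,7 @@` hunk, where both previously raised a generic `Error(INTERNAL_SERVER_ERROR)`. This keeps the stack for diagnostics but moves the duty of hiding internals to the callers: a controller that copies `err.message` into its response would now expose datastore details. The callers are outside this diff, so confirm they answer with a fixed message. A comment on each throw would record that contract, e.g. `// raw error is for logging only; controllers must not echo it to clients`.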
@@ -10,7 +10,5 @@ router.post("/join", eventsValidator.joinEvent, events.joinEvent); router.get("/:id", eventsValidator.getEventById, events.getEventById); router.patch("/", authenticate, eventsValidator.updateEvent, events.updateEvent); router.patch("/end", authenticate, eventsValidator.endActiveEvent, events.endActiveEvent); -router.post("/:id/peers", authenticate, eventsValidator.addPeerToEvent, events.addPeerToEvent); -router.patch("/:id/peers/kickout", authenticate, eventsValidator.kickoutPeer, events.kickoutPeer); module.exports = router; diff --git a/services/dataAccessLayer.js b/services/dataAccessLayer.js index 4810e1bbf..83c4ef3bd 100644 --- a/services/dataAccessLayer.js +++ b/services/dataAccessLayer.js @@ -1,17 +1,8 @@ const userQuery = require("../models/users"); const members = require("../models/members"); -const { ROLE_LEVEL, KEYS_NOT_ALLOWED, ACCESS_LEVEL } = require("../constants/userDataLevels"); +const { USER_SENSITIVE_DATA } = require("../constants/users"); -const retrieveUsers = async ({ - id = null, - username = null, - usernames = null, - query = null, - userdata, - level = ACCESS_LEVEL.PUBLIC, - role = null, - userIds = [], -}) => { +const retrieveUsers = async ({ id = null, username = null, usernames = null, query = null, userdata }) => { if (id || username) { let result; if (id != null) { 
@@ -19,87 +10,66 @@ const retrieveUsers = async ({ } else { result = await userQuery.fetchUser({ username: username }); } - const user = levelSpecificAccess(result.user, level, role); - result.user = user; + removeSensitiveInfo(result.user); return result; } else if (usernames) { const { users } = await userQuery.fetchUsers(usernames); - const result = []; - users.forEach((userdata) => { - const user = levelSpecificAccess(userdata, level, role); - result.push(user); + users.forEach((element) => { + removeSensitiveInfo(element); }); - return result; - } else if (userIds.length > 0) { - const userDetails = await userQuery.fetchUserByIds(userIds); - Object.keys(userDetails).forEach((userId) => { - removeSensitiveInfo(userDetails[userId]); - }); - return userDetails; + return users; } else if (query) { const { allUsers, nextId, prevId } = await userQuery.fetchPaginatedUsers(query); - const users = []; - allUsers.forEach((userdata) => { - const user = levelSpecificAccess(userdata, level, role); - users.push(user); + allUsers.forEach((element) => { + removeSensitiveInfo(element); }); - return { users, nextId, prevId }; + return { allUsers, nextId, prevId }; } else { - const result = await userQuery.fetchUser({ userId: userdata.id }); - return levelSpecificAccess(result.user, level, role); + removeSensitiveInfo(userdata); + return userdata; } }; -const retrieveDiscordUsers = async (level = ACCESS_LEVEL.PUBLIC, role = null) => { +const retrieveDiscordUsers = async () => { const users = await userQuery.getDiscordUsers(); - const usersData = []; - users.forEach((userdata) => { - const user = levelSpecificAccess(userdata, level, role); - usersData.push(user); + users.forEach((element) => { + removeSensitiveInfo(element); }); - return usersData; + return users; }; const retreiveFilteredUsers = async (query) => { const users = await userQuery.getUsersBasedOnFilter(query); - users.forEach((userdata) => { - removeSensitiveInfo(userdata); + users.forEach((element) => { + 
removeSensitiveInfo(element); }); return users; }; const retrieveMembers = async (query) => { const allUsers = await members.fetchUsers(query); - allUsers.forEach((userdata) => { - removeSensitiveInfo(userdata); + allUsers.forEach((element) => { + removeSensitiveInfo(element); }); return allUsers; }; const retrieveUsersWithRole = async (role) => { const users = await members.fetchUsersWithRole(role); - users.forEach((userdata) => { - removeSensitiveInfo(userdata); + users.forEach((element) => { + removeSensitiveInfo(element); }); return users; }; -const removeSensitiveInfo = function (obj, level = ACCESS_LEVEL.PUBLIC) { - for (let i = 0; i < KEYS_NOT_ALLOWED[level].length; i++) { - if (Object.prototype.hasOwnProperty.call(obj, KEYS_NOT_ALLOWED[level][i])) { - delete obj[KEYS_NOT_ALLOWED[level][i]]; +const removeSensitiveInfo = function (obj) { + for (let i = 0; i < USER_SENSITIVE_DATA.length; i++) { + if (Object.prototype.hasOwnProperty.call(obj, USER_SENSITIVE_DATA[i])) { + delete obj[USER_SENSITIVE_DATA[i]]; } } }; -const levelSpecificAccess = (user, level = ACCESS_LEVEL.PUBLIC, role = null) => { - if (level === ACCESS_LEVEL.PUBLIC || ROLE_LEVEL[level].includes(role)) { - removeSensitiveInfo(user, level); - return user; - } - return "unauthorized"; -}; - module.exports = { retrieveUsers, removeSensitiveInfo, @@ -107,5 +77,4 @@ module.exports = { retrieveMembers, retrieveUsersWithRole, retreiveFilteredUsers, - levelSpecificAccess, }; diff --git a/test/fixtures/discordactions/discordactions.js b/test/fixtures/discordactions/discordactions.js index 0a84b617d..f14c57b52 100644 --- a/test/fixtures/discordactions/discordactions.js +++ b/test/fixtures/discordactions/discordactions.js @@ -1,7 +1,7 @@ const groupData = [ - { rolename: "Group 1", roleid: 1 }, - { rolename: "Group 2", roleid: 2 }, - { rolename: "Group 3", roleid: 3 }, + { id: "1", name: "Group 1" }, + { id: "2", name: "Group 2" }, + { id: "3", name: "Group 3" }, ]; const roleData = { 
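Review bot: Every branch of retrieveUsers now strips fields by mutating the object it was handed, and in the final `else` that object is the caller's own `userdata`; getSelfDetails passes `req.userData` there, so the request-scoped user record loses `phone`, `email`, `chaincode` and `tokens` for anything that reads it afterwards. Filter a copy instead: `const copy = { ...userdata }; removeSensitiveInfo(copy); return copy;`. The same branch throws a TypeError from `Object.prototype.hasOwnProperty.call` when `userdata` is undefined, which is reachable because the parameter has no default and the removed `userIds` option now falls through to it. USER_SENSITIVE_DATA is also a denylist, so a sensitive field added to the user document later is returned until someone lists it; an allowlist of public fields would fail closed. The signature of retrieveUsers is in the previous hunk.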
diff --git a/test/fixtures/logs/archievedUsers.js b/test/fixtures/logs/archievedUsers.js deleted file mode 100644 index 66f9b3497..000000000 --- a/test/fixtures/logs/archievedUsers.js +++ /dev/null @@ -1,68 +0,0 @@ -const archivedUserDetailsModal = [ - { - type: "archived-details", - meta: {}, - body: { - reason: "test reason", - archived_user: { user_id: "R5kljdsleH4Gr2t7tvr0Z", username: "testUser1" }, - archived_by: { - user_id: "ReMyuklislajwooncVL", - roles: { - in_discord: true, - super_user: false, - member: true, - archived: false, - }, - }, - }, - timestamp: { - _seconds: 1657193216, - _nanoseconds: 912000000, - }, - }, - { - type: "archived-details", - meta: {}, - body: { - reason: "test reason", - archived_user: { user_id: "R5kljdsleH4Gr2t7tvr0Z", username: "testUser1" }, - archived_by: { - user_id: "ReMyuklislajwooncVL", - roles: { - in_discord: true, - super_user: false, - member: true, - archived: false, - }, - }, - }, - timestamp: { - _seconds: 1657193216, - _nanoseconds: 912000000, - }, - }, - { - type: "archived-details", - meta: {}, - body: { - reason: "test reason", - archived_user: { user_id: "Efskee4Gr2t7tvr0Z", username: "testUser2" }, - archived_by: { - user_id: "ReMyuklislajwooncVL", - roles: { - in_discord: true, - super_user: false, - member: true, - archived: false, - }, - }, - }, - timestamp: { - _seconds: 1657193216, - _nanoseconds: 912000000, - }, - }, -]; -module.exports = { - archivedUserDetailsModal, -}; diff --git a/test/fixtures/user/user.js b/test/fixtures/user/user.js index 7ca3dd0a0..8e53075da 100644 --- a/test/fixtures/user/user.js +++ b/test/fixtures/user/user.js @@ -272,6 +272,12 @@ module.exports = () => { linkedin_id: "testuser1", github_id: "testuser1", github_display_name: "Test User", + phone: "1234567890", + email: "tu@gmail.com", + chaincode: "1234", + tokens: { + githubAccessToken: "githubAccessToken", + }, roles: { member: true, }, 
@@ -328,29 +334,6 @@ module.exports = () => { twitter_id: "ramsingh123", linkedin_id: "ramsingh123", }, - { - username: "testuser3", - first_name: "test3", - last_name: "user3", - yoe: 1, - img: "./img.png", - linkedin_id: "testuser1", - github_id: "testuser", - github_display_name: "Test User 3", - phone: "1234567890", - email: "abcd@gmail.com", - chaincode: "12345", - tokens: { - githubAccessToken: "githubAccessToken", - }, - roles: { - member: true, - }, - picture: { - publicId: "profile/mtS4DhUvNYsKqI7oCWVB/aenklfhtjldc5ytei3ar", - url: "https://res.cloudinary.com/realdevsquad/image/upload/v1667685133/profile/mtS4DhUvNYsKqI7oCWVB/aenklfhtjldc5ytei3ar.jpg", - }, - }, { username: "sahsisunny", first_name: "sunny", diff --git a/test/integration/discord.test.js b/test/integration/discord.test.js index 9a801157c..5147efee3 100644 --- a/test/integration/discord.test.js +++ b/test/integration/discord.test.js @@ -8,14 +8,6 @@ const authService = require("../../services/authService"); const userData = require("../fixtures/user/user")(); const { requestRoleData } = require("../fixtures/discordactions/discordactions"); -const firestore = require("../../utils/firestore"); -const discordRoleModel = firestore.collection("discord-roles"); -const userModel = firestore.collection("users"); - -const { addGroupRoleToMember } = require("../../models/discordactions"); - -const { groupData } = require("../fixtures/discordactions/discordactions"); - const cookieName = config.get("userToken.cookieName"); let userId; 
@@ -67,29 +59,6 @@ describe("test discord actions", function () { const user = { ...userData[4], discordId: "123456789" }; userId = await addUser(user); jwt = authService.generateAuthToken({ userId }); - - let allIds = []; - - const addUsersPromises = userData.map((user) => userModel.add({ ...user })); - const responses = await Promise.all(addUsersPromises); - allIds = responses.map((response) => response.id); - - const addRolesPromises = [ - discordRoleModel.add({ roleid: groupData[0].roleid, rolename: groupData[0].rolename, createdBy: allIds[1] }), - discordRoleModel.add({ roleid: groupData[1].roleid, rolename: groupData[1].rolename, createdBy: allIds[0] }), - ]; - await Promise.all(addRolesPromises); - - const addGroupRolesPromises = [ - addGroupRoleToMember({ roleid: groupData[0].roleid, userid: allIds[0] }), - addGroupRoleToMember({ roleid: groupData[0].roleid, userid: allIds[1] }), - addGroupRoleToMember({ roleid: groupData[0].roleid, userid: allIds[1] }), - addGroupRoleToMember({ roleid: groupData[1].roleid, userid: allIds[0] }), - ]; - await Promise.all(addGroupRolesPromises); - }); - afterEach(async function () { - await cleanDb(); }); it("returns 200 for active users get method", function (done) { diff --git a/test/integration/discordactions.test.js b/test/integration/discordactions.test.js index 928091bc5..74ec16085 100644 --- a/test/integration/discordactions.test.js +++ b/test/integration/discordactions.test.js 
@@ -16,11 +16,6 @@ const cookieName = config.get("userToken.cookieName"); const firestore = require("../../utils/firestore"); const { userPhotoVerificationData } = require("../fixtures/user/photo-verification"); const photoVerificationModel = firestore.collection("photo-verification"); -const discordRoleModel = firestore.collection("discord-roles"); -const userModel = firestore.collection("users"); - -const { groupData } = require("../fixtures/discordactions/discordactions"); -const { addGroupRoleToMember } = require("../../models/discordactions"); chai.use(chaiHttp); describe("Discord actions", function () { 
@@ -90,54 +85,4 @@ describe("Discord actions", function () { }); }); }); - - describe("GET /discord-actions/groups", function () { - before(async function () { - let allIds = []; - - const addUsersPromises = userData.map((user) => userModel.add({ ...user })); - const responses = await Promise.all(addUsersPromises); - allIds = responses.map((response) => response.id); - - const addRolesPromises = [ - discordRoleModel.add({ roleid: groupData[0].roleid, rolename: groupData[0].rolename, createdBy: allIds[1] }), - discordRoleModel.add({ roleid: groupData[1].roleid, rolename: groupData[1].rolename, createdBy: allIds[0] }), - ]; - await Promise.all(addRolesPromises); - - const addGroupRolesPromises = [ - addGroupRoleToMember({ roleid: groupData[0].roleid, userid: allIds[0] }), - addGroupRoleToMember({ roleid: groupData[0].roleid, userid: allIds[1] }), - addGroupRoleToMember({ roleid: groupData[0].roleid, userid: allIds[1] }), - addGroupRoleToMember({ roleid: groupData[1].roleid, userid: allIds[0] }), - ]; - await Promise.all(addGroupRolesPromises); - }); - - after(async function () { - await cleanDb(); - }); - - it("should successfully return all groups detail", function (done) { - chai - .request(app) - .get(`/discord-actions/groups`) - .set("cookie", `${cookieName}=${superUserAuthToken}`) - .end((err, res) => { - if (err) { - return done(err); - } - - expect(res).to.have.status(200); - expect(res.body).to.be.an("object"); - // Verify presence of specific properties in each group - const expectedProps = ["roleid", "rolename", "memberCount", "firstName", "lastName", "image"]; - res.body.groups.forEach((group) => { - expect(group).to.include.all.keys(expectedProps); - }); - expect(res.body.message).to.equal("Roles fetched successfully!"); - return done(); - }); - }); - }); }); diff --git a/test/integration/members.test.js b/test/integration/members.test.js index 5da4a06aa..18bf25b6a 100644 --- a/test/integration/members.test.js +++ b/test/integration/members.test.js 
@@ -12,9 +12,6 @@ const userData = require("../fixtures/user/user")(); const config = require("config"); const cookieName = config.get("userToken.cookieName"); -const Sinon = require("sinon"); -const { INTERNAL_SERVER_ERROR } = require("../../constants/errorMessages"); -const members = require("../../models/members"); chai.use(chaiHttp); @@ -261,42 +258,16 @@ describe("Members", function () { }); describe("PATCH /members/archiveMembers/:username", function () { - let archiveRoleToMemberStub; beforeEach(async function () { const superUserId = await addUser(superUser); jwt = authService.generateAuthToken({ userId: superUserId }); }); - afterEach(async function () { - Sinon.restore(); - await cleanDb(); - }); - it("Should return an object with status 500 and an error message", function (done) { - archiveRoleToMemberStub = Sinon.stub(members, "addArchiveRoleToMembers"); - archiveRoleToMemberStub.throws(new Error(INTERNAL_SERVER_ERROR)); - addUser(userToBeArchived).then(() => { - chai - .request(app) - .patch(`/members/archiveMembers/${userToBeArchived.username}`) - .set("cookie", `${cookieName}=${jwt}`) - .send({ reason: "some reason" }) - .end((err, res) => { - if (err) { - return done(err); - } - expect(res).to.have.status(500); - expect(res.body).to.be.a("object"); - expect(res.body.message).to.equal(INTERNAL_SERVER_ERROR); - return done(); - }); - }); - }); it("Should return 404 if user doesn't exist", function (done) { chai .request(app) .patch(`/members/archiveMembers/${userDoesNotExists.username}`) .set("cookie", `${cookieName}=${jwt}`) - .send({ reason: "some reason" }) .end((err, res) => { if (err) { return done(err); @@ -313,7 +284,6 @@ describe("Members", function () { .request(app) .patch(`/members/archiveMembers/${userToBeArchived.username}`) .set("cookie", `${cookieName}=${jwt}`) - .send({ reason: "some reason" }) .end((err, res) => { if (err) { return done(err); 
@@ -334,7 +304,6 @@ describe("Members", function () { .request(app) .patch(`/members/archiveMembers/${userAlreadyArchived.username}`) .set("cookie", `${cookieName}=${jwt}`) - .send({ reason: "some reason" }) .end((err, res) => { if (err) { return done(err); @@ -348,5 +317,26 @@ describe("Members", function () { }); }); }); + + it("Should return 401 if user is not a super user", function (done) { + addUser(nonSuperUser).then((nonSuperUserId) => { + const nonSuperUserJwt = authService.generateAuthToken({ userId: nonSuperUserId }); + chai + .request(app) + .patch(`/members/moveToMembers/${nonSuperUser.username}`) + .set("cookie", `${cookieName}=${nonSuperUserJwt}`) + .end((err, res) => { + if (err) { + return done(err); + } + + expect(res).to.have.status(401); + expect(res.body).to.be.a("object"); + expect(res.body.message).to.equal("You are not authorized for this action."); + + return done(); + }); + }); + }); }); }); diff --git a/test/integration/tasks.test.js b/test/integration/tasks.test.js index 67a211cd4..6cee85c02 100644 --- a/test/integration/tasks.test.js +++ b/test/integration/tasks.test.js @@ -783,7 +783,7 @@ describe("Tasks", function () { }); it("Should return Forbidden error if task is not assigned to self", async function () { - const userId = await addUser(userData[0]); + const { userId } = await addUser(userData[0]); const jwt = authService.generateAuthToken({ userId }); const res = await chai.request(app).patch(`/tasks/self/${taskId1}`).set("cookie", `${cookieName}=${jwt}`); diff --git a/test/integration/users.test.js b/test/integration/users.test.js index df0277b4a..6bd465fbd 100644 --- a/test/integration/users.test.js +++ b/test/integration/users.test.js 
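Review bot: The new 401 case requests `/members/moveToMembers/${nonSuperUser.username}` although, judging by the hunks before it, it appears to sit inside the `PATCH /members/archiveMembers/:username` describe, so the super-user check on the archive route is still not exercised. Either point it at `/members/archiveMembers/${nonSuperUser.username}` or move it under the moveToMembers describe and add the archive counterpart. The `addUser(nonSuperUser).then(...)` chain also has no rejection handler; appending `.catch(done)` makes a failed fixture insert report as an error instead of a timeout. The enclosing describe starts outside this hunk.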
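Review bot: `const { userId } = await addUser(userData[0]);` in the tasks test disagrees with how the members tests in this same change use the helper, where the resolved value is passed straight into `generateAuthToken({ userId: superUserId })`. If `addUser` resolves to the id itself, the destructured `userId` is `undefined` and the token is issued without a user id, in which case a refusal may come from authentication rather than from the task-ownership check this case is named for. `addUser` is not visible here, so its return shape needs confirming; asserting the response message as well as the status would pin the reason for the refusal. The test body continues outside the hunk.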
@@ -290,6 +290,7 @@ describe("Users", function () { expect(res.body.users).to.be.a("array"); expect(res.body.users[0]).to.not.have.property("phone"); expect(res.body.users[0]).to.not.have.property("email"); + expect(res.body.users[0]).to.not.have.property("tokens"); expect(res.body.users[0]).to.not.have.property("chaincode"); return done(); @@ -314,6 +315,7 @@ describe("Users", function () { }); expect(res.body.users[0]).to.not.have.property("phone"); expect(res.body.users[0]).to.not.have.property("email"); + expect(res.body.users[0]).to.not.have.property("tokens"); expect(res.body.users[0]).to.not.have.property("chaincode"); return done(); }); @@ -339,6 +341,7 @@ describe("Users", function () { expect(res.body.users.length).to.equal(1); expect(res.body.users[0]).to.not.have.property("phone"); expect(res.body.users[0]).to.not.have.property("email"); + expect(res.body.users[0]).to.not.have.property("tokens"); expect(res.body.users[0]).to.not.have.property("chaincode"); return done(); }); @@ -549,11 +552,31 @@ describe("Users", function () { expect(res.body).to.be.a("object"); expect(res.body).to.not.have.property("phone"); expect(res.body).to.not.have.property("email"); + expect(res.body).to.not.have.property("tokens"); expect(res.body).to.not.have.property("chaincode"); return done(); }); }); + it("Should return details with phone and email when query 'private' is true", function (done) { + chai + .request(app) + .get("/users/self") + .query({ private: true }) + .set("cookie", `${cookieName}=${jwt}`) + .end((err, res) => { + if (err) { + return done(); + } + + expect(res).to.have.status(200); + expect(res.body).to.be.a("object"); + expect(res.body).to.have.property("phone"); + expect(res.body).to.have.property("email"); + return done(); + }); + }); + it("Should return 401 if not logged in", function (done) { chai .request(app) 
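Review bot: In the new `private` query case for `GET /users/self` the error branch calls `return done();`, so a failed request is reported as a pass; it should be `return done(err);` like the neighbouring cases. The case also checks only that `phone` and `email` come back, not that the remaining entries of `USER_SENSITIVE_DATA` stay hidden; if `private=true` is meant to expose contact details only, add `expect(res.body).to.not.have.property("tokens");` and the same for `chaincode`. Whether `chaincode` is intended to be withheld in this mode is not shown here, so confirm against the controller.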
@@ -593,6 +616,7 @@ describe("Users", function () { expect(res.body.user).to.be.a("object"); expect(res.body.user).to.not.have.property("phone"); expect(res.body.user).to.not.have.property("email"); + expect(res.body.user).to.not.have.property("tokens"); expect(res.body.user).to.not.have.property("chaincode"); return done(); }); @@ -634,6 +658,7 @@ describe("Users", function () { expect(res.body.user).to.be.a("object"); expect(res.body.user).to.not.have.property("phone"); expect(res.body.user).to.not.have.property("email"); + expect(res.body.user).to.not.have.property("tokens"); expect(res.body.user).to.not.have.property("chaincode"); return done(); }); diff --git a/test/integration/usersFilter.test.js b/test/integration/usersFilter.test.js index e619b24a9..c5a9f156c 100644 --- a/test/integration/usersFilter.test.js +++ b/test/integration/usersFilter.test.js @@ -388,6 +388,7 @@ describe("Filter Users", function () { res.body.users.forEach((user) => { expect(user).to.not.have.property("phone"); expect(user).to.not.have.property("email"); + expect(user).to.not.have.property("tokens"); }); return done(); }); diff --git a/test/unit/models/discordactions.test.js b/test/unit/models/discordactions.test.js index 2405c0a70..6c3b2fa66 100644 --- a/test/unit/models/discordactions.test.js +++ b/test/unit/models/discordactions.test.js @@ -12,7 +12,6 @@ const { isGroupRoleExists, addGroupRoleToMember, updateDiscordImageForVerification, - getNumberOfMemberForGroups, } = require("../../../models/discordactions"); const { groupData, roleData, existingRole } = require("../../fixtures/discordactions/discordactions"); const cleanDb = require("../../utils/cleanDb"); 
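Review bot: The loop in the `usersFilter.test.js` hunk now checks `phone`, `email` and `tokens` but still not `chaincode`, the fourth entry of `USER_SENSITIVE_DATA`. Iterating the constant keeps the test in step with the list, as the data-access-layer tests in this change already do: `USER_SENSITIVE_DATA.forEach((key) => expect(user).to.not.have.property(key));`, with the constant required from `constants/users`. The same hard-coded property list is repeated in the `users.test.js` hunks of this change and could be replaced the same way.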
@@ -244,40 +243,4 @@ describe("discordactions", function () { } }); }); - - describe("getNumberOfMemberForGroups", function () { - before(async function () { - await Promise.all([ - addGroupRoleToMember({ roleid: groupData[0].roleid, userid: 1 }), - addGroupRoleToMember({ roleid: groupData[0].roleid, userid: 2 }), - addGroupRoleToMember({ roleid: groupData[0].roleid, userid: 3 }), - addGroupRoleToMember({ roleid: groupData[1].roleid, userid: 1 }), - ]); - }); - - after(async function () { - await cleanDb(); - }); - - it("should return an empty array if the parameter is an empty array", async function () { - const result = await getNumberOfMemberForGroups([]); - expect(result).to.be.an("array"); - expect(result.length).to.equal(0); - }); - - it("should return an empty array if the parameter no parameter is passed", async function () { - const result = await getNumberOfMemberForGroups(); - expect(result).to.be.an("array"); - expect(result.length).to.equal(0); - }); - - it("should return group details with memberCount details ", async function () { - const result = await getNumberOfMemberForGroups(groupData); - expect(result).to.deep.equal([ - { rolename: groupData[0].rolename, roleid: 1, memberCount: 3 }, - { rolename: groupData[1].rolename, roleid: 2, memberCount: 1 }, - { rolename: groupData[2].rolename, roleid: 3, memberCount: 0 }, - ]); - }); - }); }); diff --git a/test/unit/models/events.test.js b/test/unit/models/events.test.js index 49902f414..4dd937923 100644 --- a/test/unit/models/events.test.js +++ b/test/unit/models/events.test.js @@ -6,7 +6,6 @@ const firestore = require("../../../utils/firestore"); const eventQuery = require("../../../models/events"); const eventModel = firestore.collection("events"); -const peerModel = firestore.collection("peers"); const eventDataArray = require("../../fixtures/events/events")(); const eventData = eventDataArray[0]; 
@@ -18,100 +17,61 @@ describe("Events", function () { describe("createEvent", function () { it("should create a new event in firestore", async function () { + // Call the function with sample data const result = await eventQuery.createEvent(eventData); + // Add sample data to Firestore const data = (await eventModel.doc(eventData.room_id).get()).data(); + // Verify that the event was created expect(result).to.deep.equal(data); }); }); describe("updateEvent", function () { it("should update the enabled property of a event", async function () { + // Add sample data to Firestore const docRef = eventModel.doc(eventData.room_id); await docRef.set(eventData); + // Call the function with sample data await eventQuery.updateEvent({ id: "641e3b43a42edf3910cbc8bf", enabled: true }, eventModel); + // Get updated data from Firestore const docSnapshot = await eventModel.doc(docRef.id).get(); const data = docSnapshot.data(); + // Verify that the enabled property was updated expect(data.enabled).to.equal(true); }); }); describe("endActiveEvent", function () { it("should update the lock, reason, and status of a event", async function () { + // Add sample data to Firestore const docRef = await eventModel.add(eventData); try { + // Call the function with sample data await eventQuery.endActiveEvent({ id: docRef.id, reason: "test reason", lock: true, }); + // Get updated data from Firestore const docSnapshot = await eventModel.doc(docRef.id).get(); const data = docSnapshot.data(); + // Verify that the lock, reason, and status properties were updated expect(data.lock).to.equal(true); expect(data.reason).to.equal("test reason"); expect(data.status).to.equal("inactive"); } catch (error) { + // Check that the function threw an error expect(error).to.exist(); expect(error.message).to.equal("Error in enabling event."); } }); }); - - describe("addPeerToEvent", function () { - it("should create a new peer document if it doesn't exist", async function () { - const docRef = await 
eventModel.add(eventData); - - const peerData = { - peerId: "someid", - name: "NonExistingPeer", - eventId: docRef.id, - role: "participant", - joinedAt: new Date(), - }; - - const result = await eventQuery.addPeerToEvent(peerData); - - const docSnapshot = await peerModel.doc(result.peerId).get(); - const data = docSnapshot.data(); - - expect(data.name).to.equal(peerData.name); - expect(data.joinedEvents).to.have.lengthOf(1); - expect(data.joinedEvents[0].event_id).to.equal(peerData.eventId); - expect(data.joinedEvents[0].role).to.equal(peerData.role); - }); - - it("should update the joinedEvents array if the peer document exists", async function () { - const docRef = await eventModel.add(eventData); - - const peerData = { - peerId: "someid", - name: "ExistingPeer", - eventId: docRef.id, - role: "participant", - joinedAt: new Date(), - }; - - await peerModel.add({ - peerId: peerData.peerId, - name: peerData.name, - joinedEvents: [], - }); - - await eventQuery.addPeerToEvent(peerData); - - const docSnapshot = await peerModel.doc(peerData.peerId).get(); - const data = docSnapshot.data(); - - expect(data.joinedEvents).to.have.lengthOf(1); - expect(data.joinedEvents[0].event_id).to.equal(peerData.eventId); - expect(data.joinedEvents[0].role).to.equal(peerData.role); - }); - }); }); diff --git a/test/unit/models/logs.test.js b/test/unit/models/logs.test.js index 7526ba1ed..9d3df2ccd 100644 --- a/test/unit/models/logs.test.js +++ b/test/unit/models/logs.test.js 
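Review bot: Two of the comments added in `events.test.js` do not match the statement they sit on. In the createEvent case, `// Add sample data to Firestore` is placed above `eventModel.doc(eventData.room_id).get()`, which reads the document; `// Read the stored event back from Firestore` would be accurate. In the endActiveEvent case, `// Check that the function threw an error` heads a `catch` that also receives any assertion failure raised inside the `try`, so the comment should say that, or the expectations should move out of the `try` block.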
@@ -4,17 +4,6 @@ const { expect } = chai; const cleanDb = require("../../utils/cleanDb"); const logsQuery = require("../../../models/logs"); const cacheData = require("../../fixtures/cloudflareCache/data"); -const logsData = require("../../fixtures/logs/archievedUsers"); -const app = require("../../../server"); -const Sinon = require("sinon"); -const { INTERNAL_SERVER_ERROR } = require("../../../constants/errorMessages"); -const userData = require("../../fixtures/user/user")(); -const addUser = require("../../utils/addUser"); -const cookieName = config.get("userToken.cookieName"); -const authService = require("../../../services/authService"); - -const superUser = userData[4]; -const userToBeMadeMember = userData[1]; describe("Logs", function () { after(async function () { 
@@ -48,77 +37,4 @@ describe("Logs", function () { expect(data[0].timestamp._nanoseconds).to.be.a("number"); }); }); - - describe("GET /logs/archived-details", function () { - let addLogsStub; - let jwt; - beforeEach(async function () { - const superUserId = await addUser(superUser); - jwt = authService.generateAuthToken({ userId: superUserId }); - await cleanDb(); - }); - afterEach(function () { - Sinon.restore(); - }); - - it("Should return an Internal server error message", async function () { - addLogsStub = Sinon.stub(logsQuery, "fetchLogs"); - addLogsStub.throws(new Error(INTERNAL_SERVER_ERROR)); - - addUser(userToBeMadeMember).then(() => { - const res = chai.request(app).get("/logs/archived-details").set("cookie", `${cookieName}=${jwt}`).send(); - - expect(res.body.message).to.equal(INTERNAL_SERVER_ERROR); - }); - }); - it("Should return empty array if no logs found", async function () { - const { type } = logsData.archivedUserDetailsModal[0]; - const query = {}; - - const data = await logsQuery.fetchLogs(query, type); - - expect(data).to.be.an("array").with.lengthOf(0); - }); - it("Should fetch all archived logs", async function () { - const { type, meta, body } = logsData.archivedUserDetailsModal[0]; - const query = {}; - - await logsQuery.addLog(type, meta, body); - const data = await logsQuery.fetchLogs(query, type); - - expect(data).to.be.an("array").with.lengthOf.greaterThan(0); - expect(data[0]).to.have.property("timestamp").that.is.an("object"); - expect(data[0].timestamp).to.have.property("_seconds").that.is.a("number"); - expect(data[0].timestamp).to.have.property("_nanoseconds").that.is.a("number"); - expect(data[0].body.archived_user).to.have.property("username").that.is.a("string"); - expect(data[0].body).to.have.property("reason").that.is.a("string"); - }); - it("Should fetch all archived logs for given user_id", async function () { - const { type, meta, body } = logsData.archivedUserDetailsModal[0]; - const query = { - userId: 
body.archived_user.user_id, - }; - await logsQuery.addLog(type, meta, body); - const data = await logsQuery.fetchLogs(query, type); - - expect(data).to.be.an("array").with.lengthOf.greaterThan(0); - expect(data[0]).to.have.property("timestamp").that.is.an("object"); - expect(data[0].timestamp).to.have.property("_seconds").that.is.a("number"); - expect(data[0].timestamp).to.have.property("_nanoseconds").that.is.a("number"); - expect(data[0].body).to.have.property("reason").that.is.a("string"); - }); - it("Should throw response status 404, if username is incorrect in the query", async function () { - const { type, meta, body } = logsData.archivedUserDetailsModal[0]; - const query = { - userId: "1234_test", // incorrect username - }; - await logsQuery.addLog(type, meta, body); - const data = await logsQuery.fetchLogs(query, type); - const response = await chai.request(app).get(`/logs/${type}/${query}`); - - expect(data).to.be.an("array").with.lengthOf(0); - expect(response).to.have.status(404); - expect(response.body.message).to.be.equal("Not Found"); - }); - }); }); diff --git a/test/unit/models/users.test.js b/test/unit/models/users.test.js index afce2af58..a145d6f5c 100644 --- a/test/unit/models/users.test.js +++ b/test/unit/models/users.test.js @@ -99,7 +99,7 @@ describe("users", function () { }); it("It should have created_At and updated_At fields", async function () { - const userData = userDataArray[15]; + const userData = userDataArray[14]; await users.addOrUpdate(userData); const githubUsername = "sahsisunny"; const { user, userExists } = await users.fetchUser({ githubUsername }); @@ -320,7 +320,7 @@ describe("users", function () { }); it("returns users with member role", async function () { const members = await users.getUsersByRole("member"); - expect(members.length).to.be.equal(7); + expect(members.length).to.be.equal(6); members.forEach((member) => { expect(member.roles.member).to.be.equal(true); }); 
diff --git a/test/unit/services/dataAccessLayer.test.js b/test/unit/services/dataAccessLayer.test.js index 0a15dff9b..c12e8ad11 100644 --- a/test/unit/services/dataAccessLayer.test.js +++ b/test/unit/services/dataAccessLayer.test.js @@ -12,17 +12,14 @@ const { retrieveUsersWithRole, retrieveMembers, retreiveFilteredUsers, - levelSpecificAccess, } = require("../../../services/dataAccessLayer"); -const { KEYS_NOT_ALLOWED, ACCESS_LEVEL } = require("../../../constants/userDataLevels"); - const userData = require("../../fixtures/user/user")(); +const { USER_SENSITIVE_DATA } = require("../../../constants/users"); chai.use(chaiHttp); const expect = chai.expect; let fetchUserStub; - describe("Data Access Layer", function () { describe("retrieveUsers", function () { it("should fetch a single user by ID and remove sensitive info", async function () { @@ -31,7 +28,7 @@ describe("Data Access Layer", function () { const result = await retrieveUsers({ id: userData[12].id }); removeSensitiveInfo(userData[12]); expect(result.user).to.deep.equal(userData[12]); - KEYS_NOT_ALLOWED[ACCESS_LEVEL.PUBLIC].forEach((key) => { + USER_SENSITIVE_DATA.forEach((key) => { expect(result.user).to.not.have.property(key); }); }); @@ -41,7 +38,7 @@ describe("Data Access Layer", function () { const result = await retrieveUsers({ username: userData[12].username }); removeSensitiveInfo(userData[12]); expect(result.user).to.deep.equal(userData[12]); - KEYS_NOT_ALLOWED[ACCESS_LEVEL.PUBLIC].forEach((key) => { + USER_SENSITIVE_DATA.forEach((key) => { expect(result.user).to.not.have.property(key); }); }); 
@@ -51,10 +48,10 @@ describe("Data Access Layer", function () { fetchUserStub.returns(Promise.resolve({ users: [userData[12]] })); const result = await retrieveUsers({ usernames: [userData[12].username] }); removeSensitiveInfo(userData[12]); - result.forEach((user) => { - expect(user).to.deep.equal(userData[12]); - KEYS_NOT_ALLOWED[ACCESS_LEVEL.PUBLIC].forEach((key) => { - expect(user).to.not.have.property(key); + result.forEach((element) => { + expect(element).to.deep.equal(userData[12]); + USER_SENSITIVE_DATA.forEach((key) => { + expect(element).to.not.have.property(key); }); }); }); @@ -65,10 +62,10 @@ describe("Data Access Layer", function () { const query = { page: 1 }; const result = await retrieveUsers({ query }); removeSensitiveInfo(userData[12]); - result.users.forEach((user) => { - expect(user).to.deep.equal(userData[12]); - KEYS_NOT_ALLOWED[ACCESS_LEVEL.PUBLIC].forEach((key) => { - expect(user).to.not.have.property(key); + result.allUsers.forEach((element) => { + expect(element).to.deep.equal(userData[12]); + USER_SENSITIVE_DATA.forEach((key) => { + expect(element).to.not.have.property(key); }); }); }); @@ -77,7 +74,7 @@ describe("Data Access Layer", function () { const userdata = userData[12]; await retrieveUsers({ userdata }); removeSensitiveInfo(userData[12]); - KEYS_NOT_ALLOWED[ACCESS_LEVEL.PUBLIC].forEach((key) => { + USER_SENSITIVE_DATA.forEach((key) => { expect(userdata).to.not.have.property(key); }); }); 
@@ -88,10 +85,10 @@ describe("Data Access Layer", function () { const fetchUserStub = sinon.stub(userQuery, "getDiscordUsers"); fetchUserStub.returns(Promise.resolve([userData[12]])); const result = await retrieveDiscordUsers(); - result.forEach((user) => { - expect(user).to.deep.equal(userData[12]); - KEYS_NOT_ALLOWED[ACCESS_LEVEL.PUBLIC].forEach((key) => { - expect(user).to.not.have.property(key); + result.forEach((element) => { + expect(element).to.deep.equal(userData[12]); + USER_SENSITIVE_DATA.forEach((key) => { + expect(element).to.not.have.property(key); }); }); }); @@ -103,10 +100,10 @@ describe("Data Access Layer", function () { fetchUserStub.returns(Promise.resolve([userData[12]])); const query = { showArchived: true }; const result = await retrieveUsersWithRole(query); - result.forEach((user) => { - expect(user).to.deep.equal(userData[12]); - KEYS_NOT_ALLOWED[ACCESS_LEVEL.PUBLIC].forEach((key) => { - expect(user).to.not.have.property(key); + result.forEach((element) => { + expect(element).to.deep.equal(userData[12]); + USER_SENSITIVE_DATA.forEach((key) => { + expect(element).to.not.have.property(key); }); }); }); 
@@ -117,23 +114,10 @@ describe("Data Access Layer", function () { const fetchUserStub = sinon.stub(members, "fetchUsers"); fetchUserStub.returns(Promise.resolve([userData[12]])); const result = await retrieveMembers(); - result.forEach((user) => { - expect(user).to.deep.equal(userData[12]); - KEYS_NOT_ALLOWED[ACCESS_LEVEL.PUBLIC].forEach((key) => { - expect(user).to.not.have.property(key); - }); - }); - }); - - it("should fetch multiple users details based on ids and remove sensitive data", async function () { - const fetchUserStub = sinon.stub(userQuery, "fetchUserByIds"); - fetchUserStub.returns(Promise.resolve({ [userData[12].id]: userData[12] })); - const result = await retrieveUsers({ userIds: [userData[12].id] }); - removeSensitiveInfo(userData[12]); - Object.keys(result).forEach((id) => { - expect(result[id]).to.deep.equal(userData[12]); - KEYS_NOT_ALLOWED[ACCESS_LEVEL.PUBLIC].forEach((key) => { - expect(result[id]).to.not.have.property(key); + result.forEach((element) => { + expect(element).to.deep.equal(userData[12]); + USER_SENSITIVE_DATA.forEach((key) => { + expect(element).to.not.have.property(key); }); }); }); @@ -145,10 +129,10 @@ describe("Data Access Layer", function () { fetchUserStub.returns(Promise.resolve([userData[12]])); const query = { state: "ACTIVE" }; const result = await retreiveFilteredUsers(query); - result.forEach((user) => { - expect(user).to.deep.equal(userData[12]); - KEYS_NOT_ALLOWED[ACCESS_LEVEL.PUBLIC].forEach((key) => { - expect(user).to.not.have.property(key); + result.forEach((element) => { + expect(element).to.deep.equal(userData[12]); + USER_SENSITIVE_DATA.forEach((key) => { + expect(element).to.not.have.property(key); }); }); }); 
@@ -156,37 +140,10 @@ describe("Data Access Layer", function () { describe("removeSensitiveInfo", function () { it("should remove sensitive information from the users object", function () { - removeSensitiveInfo(userData[12]); - KEYS_NOT_ALLOWED[ACCESS_LEVEL.PUBLIC].forEach((key) => { + removeSensitiveInfo(userData); + USER_SENSITIVE_DATA.forEach((key) => { expect(userData[12]).to.not.have.property(key); }); }); }); - - describe("levelSpecificAccess", function () { - it("should return the user object for PUBLIC level after removing all sensitive info", function () { - const result = levelSpecificAccess({ ...userData[12] }, ACCESS_LEVEL.PUBLIC); - KEYS_NOT_ALLOWED[ACCESS_LEVEL.PUBLIC].forEach((key) => { - expect(result).to.not.have.property(key); - }); - }); - - it('should return "unauthorized" for non-superuser role', function () { - const unauthorizedRole = "member"; - const result = levelSpecificAccess({ ...userData[12] }, ACCESS_LEVEL.PRIVATE, unauthorizedRole); - expect(result).to.equal("unauthorized"); - }); - - it("should keep sensitive info for valid role and level", function () { - const user = { ...userData[12], email: "a@b.com", phone: "7890654329", chaincode: "78906" }; - const role = "super_user"; - const level = ACCESS_LEVEL.PRIVATE; - const result = levelSpecificAccess(user, level, role); - KEYS_NOT_ALLOWED[level].forEach((key) => { - expect(result).to.not.have.property(key); - }); - expect(result).to.have.property("phone"); - expect(result).to.have.property("email"); - }); - }); });
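Review bot: `removeSensitiveInfo(userData);` now passes the whole fixture array, yet the assertions that follow inspect `userData[12]`. Every other call in this file hands the helper a single user object, and several earlier cases already run `removeSensitiveInfo(userData[12])` on the shared fixture, so this case would pass even if the helper did nothing with an array argument. To test the helper itself, build a fresh object that really carries the keys (constructed sample values), e.g. `const user = { ...userData[12], email: "a@b.com", tokens: {} };`, call `removeSensitiveInfo(user);` and assert on `user`. The helper's implementation is not visible here, so whether it accepts arrays is an assumption to confirm.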