Merge pull request #2505 from Real-Dev-Squad/develop

iamitprakash · web-flow · commit 8b53aae2f081 · 2025-11-15T23:21:55.000+05:30
Dev to Main Sync
diff --git a/constants/roles.ts b/constants/roles.ts
@@ -5,6 +5,13 @@ const ROLES = {
   MEMBER: "member",
   ARCHIVED: "archived",
   INDISCORD: "in_discord",
+  DEVELOPER: "developer",
+  DESIGNER:"designer",
+  QA:"qa",
+  PRODUCT_MANAGER:"product_manager",
+  PROJECT_MANAGER:"project_manager",
+  SOCIAL_MEDIA:"social_media",
+  MAVEN:"maven"
 };
 
 module.exports = ROLES;
diff --git a/constants/users.ts b/constants/users.ts
@@ -1,3 +1,5 @@
+const ROLES = require("./roles");
+
 const profileStatus = {
   PENDING: "PENDING",
   APPROVED: "APPROVED",
@@ -32,6 +34,16 @@ const USERS_PATCH_HANDLER_ERROR_MESSAGES = {
   },
 };
 
+export const ALL_USER_ROLES = [
+  ROLES.DEVELOPER,
+  ROLES.DESIGNER,
+  ROLES.PRODUCT_MANAGER,
+  ROLES.PROJECT_MANAGER,
+  ROLES.QA,
+  ROLES.SOCIAL_MEDIA,
+  ROLES.MAVEN,
+];
+
 const USERS_PATCH_HANDLER_SUCCESS_MESSAGES = {
   ARCHIVE_USERS: {
     SUCCESSFULLY_UPDATED_DATA: "Successfully updated users archived role to true if in_discord role is false",
@@ -64,4 +76,5 @@ module.exports = {
   discordNicknameLength,
   SIMULTANEOUS_WORKER_CALLS,
   MAX_USERNAME_LENGTH,
+  ALL_USER_ROLES
 };
diff --git a/controllers/auth.js b/controllers/auth.js
@@ -1,13 +1,16 @@
 const passport = require("passport");
+const config = require("config");
 const users = require("../models/users");
 const QrCodeAuthModel = require("../models/qrCodeAuth");
 const authService = require("../services/authService");
 const dataAccess = require("../services/dataAccessLayer");
+const logger = require("../utils/logger");
 const {
   SOMETHING_WENT_WRONG,
   DATA_ADDED_SUCCESSFULLY,
   USER_DOES_NOT_EXIST_ERROR,
 } = require("../constants/errorMessages");
+const ROLES = require("../constants/roles");
 
 const googleAuthLogin = (req, res, next) => {
   const { redirectURL } = req.query;
@@ -84,13 +87,10 @@ async function handleGoogleLogin(req, res, user, authRedirectionUrl) {
     };
 
     const userDataFromDB = await users.fetchUser({ email: userData.email });
-
-    if (userDataFromDB.userExists) {
-      if (userDataFromDB.user.roles?.developer) {
-        const errorMessage = encodeURIComponent("Google login is restricted for developer role.");
-        const separator = authRedirectionUrl.search ? "&" : "?";
-        return res.redirect(`${authRedirectionUrl}${separator}error=${errorMessage}`);
-      }
+    if (userDataFromDB.userExists && userDataFromDB.user?.role === ROLES.DEVELOPER) {
+      return res.status(403).json({
+        message: "Google Login is restricted for developers,please use github Login",
+      });
     }
 
     const { userId, incompleteUserDetails } = await users.addOrUpdate(userData);
@@ -187,6 +187,14 @@ const githubAuthCallback = (req, res, next) => {
         }
       }
 
+      const userDataFromDB = await users.fetchUser({ email: userData.email });
+      const userRole = userDataFromDB.user?.role;
+      if (userDataFromDB.userExists && userRole && userRole !== ROLES.DEVELOPER) {
+        return res.status(403).json({
+          message: "Github Login is restricted for non-developers,please use Google Login",
+        });
+      }
+
       const { userId, incompleteUserDetails, role } = await users.addOrUpdate(userData);
 
       const token = authService.generateAuthToken({ userId });
diff --git a/controllers/users.js b/controllers/users.js
@@ -470,23 +470,38 @@ const getSelfDetails = async (req, res) => {
  * @param res {Object} - Express response object
  */
 
-const updateSelf = async (req, res) => {
+const updateSelf = async (req, res, next) => {
   try {
-    const { id: userId, roles: userRoles, discordId } = req.userData;
+    const { id: userId, roles: userRoles, discordId, incompleteUserDetails, role: existingRole } = req.userData;
     const devFeatureFlag = req.query.dev === "true";
     const { user } = await dataAccess.retrieveUsers({ id: userId });
+    const { first_name: firstName, last_name: lastName, role } = req.body;
     let rolesToDisable = [];
 
-    if (req.body.username) {
-      if (!user.incompleteUserDetails) {
-        return res.boom.forbidden("Cannot update username again");
+    if (devFeatureFlag) {
+      if (req.body.username) {
+        return res.boom.forbidden("You are not authorized to perform this operation");
       }
-      await userQuery.setIncompleteUserDetails(userId);
-    }
-
-    if (req.body.roles) {
-      if (user && (user.roles.in_discord || user.roles.developer)) {
-        return res.boom.forbidden("Cannot update roles");
+      const username = await userService.validateUserSignup(
+        userId,
+        incompleteUserDetails,
+        firstName,
+        lastName,
+        role,
+        existingRole
+      );
+      if (username) {
+        req.body.username = username;
+      }
+    } else {
+      if (req.body?.username) {
+        if (!user.incompleteUserDetails) {
+          return res.boom.forbidden("Cannot update username again");
+        }
+        await userQuery.setIncompleteUserDetails(userId);
+      }
+      if (role) {
+        return res.boom.forbidden("You are not authorized to perform this operation");
       }
     }
 
@@ -542,7 +557,7 @@ const updateSelf = async (req, res) => {
     return res.boom.notFound("User not found");
   } catch (error) {
     logger.error(`Error while updating user: ${error}`);
-    return res.boom.serverUnavailable(SOMETHING_WENT_WRONG);
+    return next(error);
   }
 };
 
@@ -1118,15 +1133,15 @@ const updateUsernames = async (req, res) => {
   }
 };
 
-const updateProfile = async (req, res) => {
+const updateProfile = async (req, res, next) => {
   try {
     const { id: currentUserId, roles = {} } = req.userData;
     const isSelf = req.params.userId === currentUserId;
     const isSuperUser = roles[ROLES.SUPERUSER];
     const profile = req.query.profile === "true";
 
-    if (isSelf && profile && req.query.dev === "true") {
-      return await updateSelf(req, res);
+    if (isSelf && profile) {
+      return await updateSelf(req, res, next);
     } else if (isSuperUser) {
       return await updateUser(req, res);
     }
diff --git a/middlewares/validators/user.js b/middlewares/validators/user.js
@@ -5,6 +5,7 @@ const {
   USER_STATUS,
   USERS_PATCH_HANDLER_ACTIONS,
   USERS_PATCH_HANDLER_ERROR_MESSAGES,
+  ALL_USER_ROLES,
 } = require("../../constants/users");
 const ROLES = require("../../constants/roles");
 const { IMAGE_VERIFICATION_TYPES } = require("../../constants/imageVerificationTypes");
@@ -52,11 +53,10 @@ const updateUser = async (req, res, next) => {
         .optional(),
       discordId: joi.string().optional(),
       disabledRoles: joi.array().items(joi.string().valid("super_user", "member")).optional(),
-      roles: joi.object().keys({
-        designer: joi.boolean().optional(),
-        maven: joi.boolean().optional(),
-        product_manager: joi.boolean().optional(),
-      }),
+      role: joi
+        .string()
+        .valid(...Object.values(ALL_USER_ROLES))
+        .optional(),
     });
 
   try {
diff --git a/services/users.js b/services/users.js
@@ -2,6 +2,9 @@ const firestore = require("../utils/firestore");
 const { formatUsername } = require("../utils/username");
 const userModel = firestore.collection("users");
 const tasksModel = require("../models/tasks");
+const userQuery = require("../models/users");
+const { ALL_USER_ROLES } = require("../constants/users");
+const Forbidden = require("http-errors").Forbidden;
 
 const getUsersWithIncompleteTasks = async (users) => {
   if (users.length === 0) return [];
@@ -46,7 +49,43 @@ const generateUniqueUsername = async (firstName, lastName) => {
   }
 };
 
+/**
+ * Validates user signup details and handles incomplete user details flow.
+ *
+ * @async
+ * @function validateUserSignup
+ * @param {string} userId - The id for the user.
+ * @param {boolean} incompleteUserDetails - Indicates if the user has incomplete details.
+ * @param {string|null} firstName - The user's first name.
+ * @param {string|null} lastName - The user's last name.
+ * @param {string|null} role - The role to assign to the user.
+ * @param {string|null} existingRole - The user's existing role, if any.
+ * @returns {Promise<string|null>} Returns a generated username if incompleteUserDetails is true and all required fields are present, otherwise undefined.
+ */
+
+const validateUserSignup = async (userId, incompleteUserDetails, firstName, lastName, role, existingRole) => {
+  try {
+    if (!incompleteUserDetails) {
+      const alreadyHasRole = existingRole && ALL_USER_ROLES.includes(existingRole);
+      if (role && alreadyHasRole) {
+        throw new Forbidden("Cannot update role again");
+      }
+      return null;
+    }
+    if (!firstName || !lastName || !role) {
+      throw new Forbidden("You are not authorized to perform this operation");
+    }
+    const username = await generateUniqueUsername(firstName, lastName);
+    await userQuery.setIncompleteUserDetails(userId);
+    return username;
+  } catch (err) {
+    logger.error(`Error while validating user signup: ${err.message}`);
+    throw err;
+  }
+};
+
 module.exports = {
   generateUniqueUsername,
   getUsersWithIncompleteTasks,
+  validateUserSignup,
 };
diff --git a/test/config/test.js b/test/config/test.js
@@ -59,6 +59,7 @@ module.exports = {
     },
     rdsUi: {
       baseUrl: "https://realdevsquad.com",
+      newSignupUrl: "https://my.realdevsquad.com/new-signup",
       routes: {
         authRedirection: "/goto",
       },
diff --git a/test/fixtures/auth/googleUserInfo.js b/test/fixtures/auth/googleUserInfo.js
@@ -35,6 +35,7 @@ module.exports = () => {
         in_discord: true,
         archived: false,
       },
+      role: "designer",
       incompleteUserDetails: false,
       updated_at: Date.now(),
       created_at: Date.now(),
@@ -65,10 +66,10 @@ module.exports = () => {
     {
       email: "test123@gmail.com",
       roles: {
-        developer: true,
         in_discord: true,
         archived: false,
       },
+      role: "developer",
       incompleteUserDetails: false,
       updated_at: Date.now(),
       created_at: Date.now(),
diff --git a/test/fixtures/user/user.js b/test/fixtures/user/user.js
@@ -25,6 +25,7 @@ module.exports = () => {
       email: "abc@gmail.com",
       discordJoinedAt: "2023-04-06T01:47:34.488000+00:00",
       joined_discord: "2023-01-13T18:21:09.278000+00:00",
+      role: "developer",
       roles: {
         member: true,
         in_discord: true,
@@ -60,6 +61,7 @@ module.exports = () => {
       },
       nickname_synced: false,
       profileStatus: "BLOCKED",
+      incompleteUserDetails: false,
     },
     {
       username: "pranavg",
@@ -95,10 +97,12 @@ module.exports = () => {
       github_display_name: "Sagar Bajpai",
       phone: "1234567890",
       email: "abc1@gmail.com",
+      incompleteUserDetails: false,
       status: "active",
       tokens: {
         githubAccessToken: "githubAccessToken",
       },
+      role: "designer",
       roles: {
         restricted: false,
         app_owner: true,
@@ -175,6 +179,8 @@ module.exports = () => {
         githubAccessToken: "githubAccessToken",
       },
       status: "active",
+      incompleteUserDetails: true,
+      role: "developer",
       roles: {
         member: true,
         archived: false,
diff --git a/test/integration/auth.test.js b/test/integration/auth.test.js
@@ -5,6 +5,7 @@ const chaiHttp = require("chai-http");
 const passport = require("passport");
 const app = require("../../server");
 const cleanDb = require("../utils/cleanDb");
+const config = require("config");
 const { generateGithubAuthRedirectUrl } = require("..//utils/github");
 const { generateGoogleAuthRedirectUrl, stubPassportAuthenticate } = require("..//utils/googleauth");
 const { addUserToDBForTest } = require("../../utils/users");
@@ -404,7 +405,7 @@ describe("auth", function () {
       });
   });
 
-  it("should redirect the google user to login page if the user is a developer", async function () {
+  it("should return 403 Forbidden if a developer tries to log in using google", async function () {
     await addUserToDBForTest(googleUserInfo[3]);
     const rdsUiUrl = new URL(config.get("services.rdsUi.baseUrl")).href;
     stubPassportAuthenticate(googleUserInfo[2]);
@@ -414,20 +415,19 @@ describe("auth", function () {
       .get("/auth/google/callback")
       .query({ code: "codeReturnedByGoogle", state: rdsUiUrl })
       .redirects(0);
-    expect(res).to.have.status(302);
-    const errorMessage = "Google login is restricted for developer role.";
-    const expectedUrl = `https://realdevsquad.com/?error=${encodeURIComponent(errorMessage)}`;
-    expect(res.headers.location).to.equal(expectedUrl);
+    expect(res).to.have.status(403);
+    const errorMessage = "Google Login is restricted for developers,please use github Login";
+    expect(res.body.message).to.equal(errorMessage);
   });
 
-  it("should log in existing google user with same email via github OAuth", async function () {
-    await addUserToDBForTest(googleUserInfo[1]);
+  it("should return 403 Forbidden if a non-developer tries to login using github", async function () {
+    await addUserToDBForTest(userData[3]);
     const rdsUiUrl = new URL(config.get("services.rdsUi.baseUrl")).href;
     const userInfoFromGitHub = {
       ...githubUserInfo[0],
       _json: {
         ...githubUserInfo[0]._json,
-        email: "test12@gmail.com",
+        email: "abc1@gmail.com",
       },
     };
     stubPassportAuthenticate(userInfoFromGitHub);
@@ -437,13 +437,14 @@ describe("auth", function () {
       .get("/auth/github/callback")
       .query({ code: "codeReturnedByGithub", state: rdsUiUrl })
       .redirects(0);
-    expect(res).to.have.status(302);
-    expect(res.headers.location).to.equal(rdsUiUrl);
+    expect(res).to.have.status(403);
+    const errorMessage = "Github Login is restricted for non-developers,please use Google Login";
+    expect(res.body.message).to.equal(errorMessage);
   });
 
-  it("should log in existing github user with same email via google OAuth", async function () {
-    await addUserToDBForTest(userData[0]);
-    const rdsUiUrl = new URL(config.get("services.rdsUi.baseUrl")).href;
+  it("should log in existing github user with no role and same email via google OAuth", async function () {
+    await addUserToDBForTest(userData[1]);
+    const newSignupUrl = new URL(config.get("services.rdsUi.newSignupUrl")).href;
     const userInfoFromGoogle = {
       ...googleUserInfo[0],
       emails: [{ value: "abc@gmail.com", verified: true }],
@@ -453,10 +454,10 @@ describe("auth", function () {
     const res = await chai
       .request(app)
       .get("/auth/google/callback")
-      .query({ code: "codeReturnedByGoogle", state: rdsUiUrl })
+      .query({ code: "codeReturnedByGoogle", state: newSignupUrl })
       .redirects(0);
     expect(res).to.have.status(302);
-    expect(res.headers.location).to.equal(rdsUiUrl);
+    expect(res.headers.location).to.equal(newSignupUrl);
   });
 
   it("should get the verified email and redirect the google user to the goto page on successful login", async function () {
diff --git a/test/integration/users.test.js b/test/integration/users.test.js
diff --git a/test/unit/middlewares/user-validator.test.js b/test/unit/middlewares/user-validator.test.js
diff --git a/test/unit/services/users.test.js b/test/unit/services/users.test.js
