fix: remove gitAccount and fix authorise push route conflicts

fix: return on /create-user
fix: cast res,data to Boolean in ldaHelper

Author: jescalada

src/service/passport/ldaphelper.ts

@@ -57,7 +57,7 @@ const isUserInAdGroupViaHttp = (id: string, domain: string, name: string): Promi
   console.log(`checking if user is in group ${url}`);
   return client
     .get(url)
-    .then((res) => res.data)
+    .then((res) => Boolean(res.data))
     .catch(() => {
       return false;
     });

src/service/routes/auth.ts

@@ -216,6 +216,7 @@ router.post('/create-user', async (req: Request, res: Response) => {
       res.status(400).send({
         message: 'Missing required fields: username, password, email, and gitAccount are required',
       });
+      return;
     }
 
     await db.createUser(username, password, email, gitAccount, isAdmin);

src/service/routes/push.ts

@@ -99,11 +99,12 @@ router.post('/:id/authorise', async (req: Request, res: Response) => {
 
     const { username } = req.user as { username: string };
 
-    const push = await getValidPushOrRespond(id, res);
-    if (!push) return;
+    // Get the push request
+    const push = await db.getPush(id);
+    console.log({ push });
 
     // Get the committer of the push via their email address
-    const committerEmail = push.userEmail;
+    const committerEmail = push?.userEmail;
     const list = await db.getUsers({ email: committerEmail });
     console.log({ list });
 
@@ -121,40 +122,39 @@ router.post('/:id/authorise', async (req: Request, res: Response) => {
       return;
     }
 
-    // If we are not the author, now check that we are allowed to authorise on this repo
+    // If we are not the author, now check that we are allowed to authorise on this
+    // repo
     const isAllowed = await db.canUserApproveRejectPush(id, username);
-    if (!isAllowed) {
+    if (isAllowed) {
+      console.log(`user ${username} approved push request for ${id}`);
+
+      const reviewerList = await db.getUsers({ username });
+      console.log({ reviewerList });
+
+      const reviewerGitAccount = reviewerList[0].gitAccount;
+      console.log({ reviewerGitAccount });
+
+      if (!reviewerGitAccount) {
+        res.status(401).send({
+          message: 'You must associate a GitHub account with your user before approving...',
+        });
+        return;
+      }
+
+      const attestation = {
+        questions,
+        timestamp: new Date(),
+        reviewer: {
+          username,
+        },
+      };
+      const result = await db.authorise(id, attestation);
+      res.send(result);
+    } else {
       res.status(401).send({
-        message: 'User is not authorised to authorise changes',
+        message: `user ${username} not authorised to approve push's on this project`,
       });
-      return;
     }
-
-    console.log(`user ${username} approved push request for ${id}`);
-
-    const reviewerList = await db.getUsers({ username });
-    console.log({ reviewerList });
-
-    const reviewerGitAccount = reviewerList[0].gitAccount;
-    console.log({ reviewerGitAccount });
-
-    if (!reviewerGitAccount) {
-      res.status(401).send({
-        message: 'You must associate a GitHub account with your user before approving...',
-      });
-      return;
-    }
-
-    const attestation = {
-      questions,
-      timestamp: new Date(),
-      reviewer: {
-        username,
-        gitAccount: reviewerGitAccount,
-      },
-    };
-    const result = await db.authorise(id, attestation);
-    res.send(result);
   } else {
     res.status(401).send({
       message: 'You are unauthorized to perform this action...',