lfk/backend
2
0
Fork 0
Code Issues 1 Pull Requests Actions Projects Releases 40 Activity

Merge pull request 'New user features feature/93-user_endpoints' (#95) from feature/93-user_endpoints into dev
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source 
Reviewed-on: #95
This commit is contained in:
Nicolai Ort 2021-01-13 17:30:25 +00:00
commit 7b5ebab453
11 changed files with 133 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/controllers/UserController.ts
View File

@ -1,13 +1,14 @@
import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers'; import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi'; import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
import { getConnectionManager, Repository } from 'typeorm'; import { getConnectionManager, Repository } from 'typeorm';
import { UserIdsNotMatchingError, UserNotFoundError } from '../errors/UserErrors'; import { UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
import { UserGroupNotFoundError } from '../errors/UserGroupErrors'; import { UserGroupNotFoundError } from '../errors/UserGroupErrors';
import { CreateUser } from '../models/actions/create/CreateUser'; import { CreateUser } from '../models/actions/create/CreateUser';
import { UpdateUser } from '../models/actions/update/UpdateUser'; import { UpdateUser } from '../models/actions/update/UpdateUser';
import { User } from '../models/entities/User'; import { User } from '../models/entities/User';
import { ResponseEmpty } from '../models/responses/ResponseEmpty'; import { ResponseEmpty } from '../models/responses/ResponseEmpty';
import { ResponseUser } from '../models/responses/ResponseUser'; import { ResponseUser } from '../models/responses/ResponseUser';
import { ResponseUserPermissions } from '../models/responses/ResponseUserPermissions';
import { PermissionController } from './PermissionController'; import { PermissionController } from './PermissionController';
@ -26,7 +27,7 @@ export class UserController {
@Get() @Get()
@Authorized("USER:GET") @Authorized("USER:GET")
@ResponseSchema(ResponseUser, { isArray: true }) @ResponseSchema(ResponseUser, { isArray: true })
@OpenAPI({ description: 'Lists all users. <br> This includes their groups and permissions directly granted to them (if existing/associated).' }) @OpenAPI({ description: 'Lists all users. <br> This includes their groups and permissions granted to them.' })
async getAll() { async getAll() {
let responseUsers: ResponseUser[] = new Array<ResponseUser>(); let responseUsers: ResponseUser[] = new Array<ResponseUser>();
const users = await this.userRepository.find({ relations: ['permissions', 'groups', 'groups.permissions'] }); const users = await this.userRepository.find({ relations: ['permissions', 'groups', 'groups.permissions'] });
@ -41,17 +42,30 @@ export class UserController {
@ResponseSchema(ResponseUser) @ResponseSchema(ResponseUser)
@ResponseSchema(UserNotFoundError, { statusCode: 404 }) @ResponseSchema(UserNotFoundError, { statusCode: 404 })
@OnUndefined(UserNotFoundError) @OnUndefined(UserNotFoundError)
@OpenAPI({ description: 'Lists all information about the user whose id got provided. <br> Please remember that only permissions granted directly to the user will show up here, not permissions inherited from groups.' }) @OpenAPI({ description: 'Lists all information about the user whose id got provided. <br> Please remember that all permissions granted to the user will show up here.' })
async getOne(@Param('id') id: number) { async getOne(@Param('id') id: number) {
let user = await this.userRepository.findOne({ id: id }, { relations: ['permissions', 'groups', 'groups.permissions'] }) let user = await this.userRepository.findOne({ id: id }, { relations: ['permissions', 'groups', 'groups.permissions'] })
if (!user) { throw new UserNotFoundError(); } if (!user) { throw new UserNotFoundError(); }
return new ResponseUser(user); return new ResponseUser(user);
} }
@Get('/:id/permissions')
@Authorized("USER:GET")
@ResponseSchema(ResponseUser)
@ResponseSchema(UserNotFoundError, { statusCode: 404 })
@OnUndefined(UserNotFoundError)
@OpenAPI({ description: 'Lists all permissions granted to the user sorted into directly granted and inherited as permission response objects.' })
async getPermissions(@Param('id') id: number) {
let user = await this.userRepository.findOne({ id: id }, { relations: ['permissions', 'groups', 'groups.permissions', 'permissions.principal', 'groups.permissions.principal'] })
if (!user) { throw new UserNotFoundError(); }
return new ResponseUserPermissions(user);
}
@Post() @Post()
@Authorized("USER:CREATE") @Authorized("USER:CREATE")
@ResponseSchema(ResponseUser) @ResponseSchema(ResponseUser)
@ResponseSchema(UserGroupNotFoundError) @ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
@OpenAPI({ description: 'Create a new user. <br> If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' }) @OpenAPI({ description: 'Create a new user. <br> If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' })
async post(@Body({ validate: true }) createUser: CreateUser) { async post(@Body({ validate: true }) createUser: CreateUser) {
let user; let user;
@ -70,6 +84,7 @@ export class UserController {
@ResponseSchema(ResponseUser) @ResponseSchema(ResponseUser)
@ResponseSchema(UserNotFoundError, { statusCode: 404 }) @ResponseSchema(UserNotFoundError, { statusCode: 404 })
@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 }) @ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
@OpenAPI({ description: "Update the user whose id you provided. <br> To change the permissions directly granted to the user please use /api/permissions instead. <br> Please remember that ids can't be changed." }) @OpenAPI({ description: "Update the user whose id you provided. <br> To change the permissions directly granted to the user please use /api/permissions instead. <br> Please remember that ids can't be changed." })
async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) { async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) {
let oldUser = await this.userRepository.findOne({ id: id }); let oldUser = await this.userRepository.findOne({ id: id });

26
src/errors/UserErrors.ts
View File

@ -4,7 +4,7 @@ import { NotAcceptableError, NotFoundError } from 'routing-controllers';
/** /**
* Error to throw when no username or email is set. * Error to throw when no username or email is set.
* We somehow need to identify you :) * We somehow need to identify you on login.
*/ */
export class UsernameOrEmailNeededError extends NotFoundError { export class UsernameOrEmailNeededError extends NotFoundError {
@IsString() @IsString()
@ -14,6 +14,30 @@ export class UsernameOrEmailNeededError extends NotFoundError {
message = "No username or email is set!" message = "No username or email is set!"
} }
/**
* Error to throw when no username contains illegal characters.
* Right now the only one is "@" but this could change in the future.
*/
export class UsernameContainsIllegalCharacterError extends NotAcceptableError {
@IsString()
name = "UsernameContainsIllegalCharacterError"
@IsString()
message = "The provided username contains illegal characters! \n Right now the following characters are considered illegal: '@'"
}
/**
* Error to throw when no email is set.
* We somehow need to identify you :)
*/
export class UserEmailNeededError extends NotFoundError {
@IsString()
name = "UserEmailNeededError"
@IsString()
message = "No email is set! \n You have to provide email addresses for users (used for password reset among others)."
}
/** /**
* Error to throw when a user couldn't be found. * Error to throw when a user couldn't be found.
*/ */

16
src/models/actions/create/CreateUser.ts
View File

@ -1,9 +1,9 @@
import * as argon2 from "argon2"; import * as argon2 from "argon2";
import { IsBoolean, IsEmail, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator'; import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
import { getConnectionManager } from 'typeorm'; import { getConnectionManager } from 'typeorm';
import * as uuid from 'uuid'; import * as uuid from 'uuid';
import { config } from '../../../config'; import { config } from '../../../config';
import { UsernameOrEmailNeededError } from '../../../errors/UserErrors'; import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors'; import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
import { User } from '../../entities/User'; import { User } from '../../entities/User';
import { UserGroup } from '../../entities/UserGroup'; import { UserGroup } from '../../entities/UserGroup';
@ -33,7 +33,7 @@ export class CreateUser {
/** /**
* The new user's username. * The new user's username.
* You have to provide at least one of: {email, username}. * You have to provide a email addres, so this is optional.
*/ */
@IsOptional() @IsOptional()
@IsString() @IsString()
@ -41,12 +41,11 @@ export class CreateUser {
/** /**
* The new user's email address. * The new user's email address.
* You have to provide at least one of: {email, username}.
*/ */
@IsEmail() @IsEmail()
@IsString() @IsString()
@IsOptional() @IsNotEmpty()
email?: string; email: string;
/** /**
* The new user's phone number. * The new user's phone number.
@ -92,9 +91,10 @@ export class CreateUser {
public async toEntity(): Promise<User> { public async toEntity(): Promise<User> {
let newUser: User = new User(); let newUser: User = new User();
if (this.email === undefined && this.username === undefined) { if (!this.email) {
throw new UsernameOrEmailNeededError(); throw new UserEmailNeededError();
} }
if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
newUser.email = this.email newUser.email = this.email
newUser.username = this.username newUser.username = this.username

21
src/models/actions/update/UpdateUser.ts
View File

@ -1,8 +1,8 @@
import * as argon2 from "argon2"; import * as argon2 from "argon2";
import { IsBoolean, IsEmail, IsInt, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator'; import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
import { getConnectionManager } from 'typeorm'; import { getConnectionManager } from 'typeorm';
import { config } from '../../../config'; import { config } from '../../../config';
import { UsernameOrEmailNeededError } from '../../../errors/AuthError'; import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors'; import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
import { User } from '../../entities/User'; import { User } from '../../entities/User';
import { UserGroup } from '../../entities/UserGroup'; import { UserGroup } from '../../entities/UserGroup';
@ -40,7 +40,7 @@ export class UpdateUser {
/** /**
* The updated user's username. * The updated user's username.
* You have to provide at least one of: {email, username}. * You have to provide a email addres, so this is optional.
*/ */
@IsOptional() @IsOptional()
@IsString() @IsString()
@ -48,12 +48,11 @@ export class UpdateUser {
/** /**
* The updated user's email address. * The updated user's email address.
* You have to provide at least one of: {email, username}.
*/ */
@IsEmail() @IsEmail()
@IsString() @IsString()
@IsOptional() @IsNotEmpty()
email?: string; email: string;
/** /**
* The updated user's phone number. * The updated user's phone number.
@ -99,16 +98,18 @@ export class UpdateUser {
* @param user The user that shall be updated. * @param user The user that shall be updated.
*/ */
public async update(user: User): Promise<User> { public async update(user: User): Promise<User> {
user.email = this.email; if (!this.email) {
user.username = this.username; throw new UserEmailNeededError();
if ((user.email === undefined || user.email === null) && (user.username === undefined || user.username === null)) {
throw new UsernameOrEmailNeededError();
} }
if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
if (this.password) { if (this.password) {
user.password = await argon2.hash(this.password + user.uuid); user.password = await argon2.hash(this.password + user.uuid);
user.refreshTokenCount = user.refreshTokenCount + 1; user.refreshTokenCount = user.refreshTokenCount + 1;
} }
user.email = this.email;
user.username = this.username;
user.enabled = this.enabled; user.enabled = this.enabled;
user.firstname = this.firstname user.firstname = this.firstname
user.middlename = this.middlename user.middlename = this.middlename

22
src/models/entities/User.ts
View File

@ -3,6 +3,7 @@ import { ChildEntity, Column, JoinTable, ManyToMany, OneToMany } from "typeorm";
import { config } from '../../config'; import { config } from '../../config';
import { ResponsePrincipal } from '../responses/ResponsePrincipal'; import { ResponsePrincipal } from '../responses/ResponsePrincipal';
import { ResponseUser } from '../responses/ResponseUser'; import { ResponseUser } from '../responses/ResponseUser';
import { Permission } from './Permission';
import { Principal } from './Principal'; import { Principal } from './Principal';
import { UserAction } from './UserAction'; import { UserAction } from './UserAction';
import { UserGroup } from './UserGroup'; import { UserGroup } from './UserGroup';
@ -25,9 +26,10 @@ export class User extends Principal {
* The user's e-mail address. * The user's e-mail address.
* Either username or email has to be set (otherwise the user couldn't log in). * Either username or email has to be set (otherwise the user couldn't log in).
*/ */
@Column({ nullable: true, unique: true }) @Column({ nullable: false, unique: true })
@IsEmail() @IsEmail()
email?: string; @IsNotEmpty()
email: string;
/** /**
* The user's phone number. * The user's phone number.
@ -128,8 +130,24 @@ export class User extends Principal {
@OneToMany(() => UserAction, action => action.user, { nullable: true }) @OneToMany(() => UserAction, action => action.user, { nullable: true })
actions: UserAction[] actions: UserAction[]
/**
* Resolves all permissions granted to this user through groups.
*/
public get inheritedPermissions(): Permission[] {
let returnPermissions: Permission[] = new Array<Permission>();
if (!this.groups) { return returnPermissions; }
for (let group of this.groups) {
for (let permission of group.permissions) {
returnPermissions.push(permission);
}
}
return returnPermissions;
}
/** /**
* Resolves all permissions granted to this user through groups or directly to the string enum format. * Resolves all permissions granted to this user through groups or directly to the string enum format.
* Also deduplicates the array.
*/ */
public get allPermissions(): string[] { public get allPermissions(): string[] {
let returnPermissions: string[] = new Array<string>(); let returnPermissions: string[] = new Array<string>();

1
src/models/responses/ResponseUser.ts
View File

@ -70,6 +70,7 @@ export class ResponseUser extends ResponsePrincipal {
/** /**
* The user's permissions. * The user's permissions.
* Directly granted or inherited converted to their string form and deduplicated.
*/ */
@IsArray() @IsArray()
@IsOptional() @IsOptional()

40
src/models/responses/ResponseUserPermissions.ts Normal file
View File

@ -0,0 +1,40 @@
import {
IsArray,
IsOptional
} from "class-validator";
import { User } from '../entities/User';
import { ResponsePermission } from './ResponsePermission';
/**
* Defines the user permission response (get /api/users/:id/permissions).
*/
export class ResponseUserPermissions {
/**
* The permissions directly granted to the user.
*/
@IsArray()
@IsOptional()
directlyGranted: ResponsePermission[] = new Array<ResponsePermission>();
/**
* The permissions directly inherited the user.
*/
@IsArray()
@IsOptional()
inherited: ResponsePermission[] = new Array<ResponsePermission>();
/**
* Creates a ResponseUserPermissions object from a user.
* @param user The user the response shall be build for.
*/
public constructor(user: User) {
for (let permission of user.permissions) {
this.directlyGranted.push(permission.toResponse());
}
for (let permission of user.inheritedPermissions) {
this.inherited.push(permission.toResponse());
}
}
}

1
src/seeds/SeedUsers.ts
View File

@ -33,6 +33,7 @@ export default class SeedUsers implements Seeder {
initialUser.lastname = "demo"; initialUser.lastname = "demo";
initialUser.username = "demo"; initialUser.username = "demo";
initialUser.password = "demo"; initialUser.password = "demo";
initialUser.email = "demo@dev.lauf-fuer-kaya.de"
initialUser.groups = group; initialUser.groups = group;
return await connection.getRepository(User).save(await initialUser.toEntity()); return await connection.getRepository(User).save(await initialUser.toEntity());
} }

3
src/tests/auth/auth_logout.spec.ts
View File

@ -14,7 +14,8 @@ beforeAll(async () => {
"middlename": "demo_logout", "middlename": "demo_logout",
"lastname": "demo_logout", "lastname": "demo_logout",
"username": "demo_logout", "username": "demo_logout",
"password": "demo_logout" "password": "demo_logout",
"email": "demo_logout@dev.lauf-fuer-kaya.de"
}, { }, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] }, headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined validateStatus: undefined

3
src/tests/auth/auth_refresh.spec.ts
View File

@ -14,7 +14,8 @@ beforeAll(async () => {
"middlename": "demo_refresh", "middlename": "demo_refresh",
"lastname": "demo_refresh", "lastname": "demo_refresh",
"username": "demo_refresh", "username": "demo_refresh",
"password": "demo_refresh" "password": "demo_refresh",
"email": "demo_refresh@dev.lauf-fuer-kaya.de"
}, { }, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] }, headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined validateStatus: undefined

6
src/tests/auth/auth_reset.spec.ts
View File

@ -14,7 +14,8 @@ beforeAll(async () => {
"middlename": "demo_reset", "middlename": "demo_reset",
"lastname": "demo_reset", "lastname": "demo_reset",
"username": "demo_reset", "username": "demo_reset",
"password": "demo_reset" "password": "demo_reset",
"email": "demo_reset@dev.lauf-fuer-kaya.de"
}, { }, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] }, headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined validateStatus: undefined
@ -24,7 +25,8 @@ beforeAll(async () => {
"middlename": "demo_reset2", "middlename": "demo_reset2",
"lastname": "demo_reset2", "lastname": "demo_reset2",
"username": "demo_reset2", "username": "demo_reset2",
"password": "demo_reset2" "password": "demo_reset2",
"email": "demo_reset1@dev.lauf-fuer-kaya.de"
}, { }, {
headers: { "authorization": "Bearer " + res_login.data["access_token"] }, headers: { "authorization": "Bearer " + res_login.data["access_token"] },
validateStatus: undefined validateStatus: undefined