Merge pull request 'Alpha release 0.4.4' (#142) from dev into main

Reviewed-on: #142
Reviewed-by: Philipp Dormann <philipp@philippdormann.de>

CHANGELOG.md

@@ -2,8 +2,33 @@
 
 All notable changes to this project will be documented in this file. Dates are displayed in UTC.
 
+#### [v0.4.4](https://git.odit.services/lfk/backend/compare/v0.4.3...v0.4.4)
+
+- 🧾New changelog file version [CI SKIP] [skip ci] [`ca3d093`](https://git.odit.services/lfk/backend/commit/ca3d093e54bfaaa77c97e96738a74eeb25aee440)
+- Now loading runner's group's parentgroup with every runner controller request [`701706c`](https://git.odit.services/lfk/backend/commit/701706c0289b357439608b4e2eaa66c617d16e9d)
+- 🚀Bumped version to v0.4.4 [`a6f73c7`](https://git.odit.services/lfk/backend/commit/a6f73c733c8cfc8d84beb7e0bbd5bcd1313df9d0)
+- Merge pull request 'Expanded runner response feature/140-runner_group_parent' (#141) from feature/140-runner_group_parent into dev [`28cfbaa`](https://git.odit.services/lfk/backend/commit/28cfbaa6624d0bc65e2a9b72ffed17060e828735)
+- The group/runners endpoints now also deliver the runner's group's parentGroup [`906a1dc`](https://git.odit.services/lfk/backend/commit/906a1dc9e79ea4eb298a561cf98e6ae42b3ae4ec)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`09bbc70`](https://git.odit.services/lfk/backend/commit/09bbc70f5fd1f026148be07fe889a6907bc3f75a)
+- Adjusted test for the new response depth [`90e1ad7`](https://git.odit.services/lfk/backend/commit/90e1ad7db72732d13002c87461c33560b74befa6)
+- Adjusted test for the new response depth [`5872c63`](https://git.odit.services/lfk/backend/commit/5872c6335be573d849cdc3746b261c6cf476c3de)
+
+#### [v0.4.3](https://git.odit.services/lfk/backend/compare/v0.4.2...v0.4.3)
+
+> 7 February 2021
+
+- Merge pull request 'Alpha Release 0.4.3' (#139) from dev into main [`dd9cb6d`](https://git.odit.services/lfk/backend/commit/dd9cb6d3ef60cb118391abc2ba17fd0f83db0b1c)
+- 🚀Bumped version to v0.4.3 [`656d564`](https://git.odit.services/lfk/backend/commit/656d564baa8c8bf1f63523b0301ad9ff23e08aa4)
+- Bugfix for @lfk/frontend/#43 [`8f0a396`](https://git.odit.services/lfk/backend/commit/8f0a396dd07937fb7ccfb345d1acbac86eb5d9bb)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`f3f5cb4`](https://git.odit.services/lfk/backend/commit/f3f5cb462e4ecf932ad55eb519815222b4e5dd17)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`23c732b`](https://git.odit.services/lfk/backend/commit/23c732b6905cc9f6479a53a7744b72d01e345ecb)
+- Merge pull request 'Bugfix for @lfk/frontend/#43' (#138) from bugfix/118-encode_jwt_in_mail into dev [`9959172`](https://git.odit.services/lfk/backend/commit/9959172f2ae11cbb7a2b8e97bad432956fc70a80)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`a18d4d3`](https://git.odit.services/lfk/backend/commit/a18d4d3cee58f8eb9dc428b051a2394bd3ece5c2)
+
 #### [v0.4.2](https://git.odit.services/lfk/backend/compare/v0.4.1...v0.4.2)
 
+> 2 February 2021
+
 - Merge pull request 'Alpha Release 0.4.2' (#137) from dev into main [`390b36d`](https://git.odit.services/lfk/backend/commit/390b36dfd46cf8829126581bd62dd3d4ce8558fa)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`3b718f3`](https://git.odit.services/lfk/backend/commit/3b718f3ce58f12007b6068e5db00a00dbe1c5398)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`f7a0ec7`](https://git.odit.services/lfk/backend/commit/f7a0ec7174521b1863a4bc58c7ff2b86cafdee66)

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@odit/lfk-backend",
-  "version": "0.4.2",
+  "version": "0.4.4",
   "main": "src/app.ts",
   "repository": "https://git.odit.services/lfk/backend",
   "author": {

src/config.ts

@@ -11,7 +11,7 @@ export const config = {
     postalcode_validation_countrycode: getPostalCodeLocale(),
     version: process.env.VERSION || require('../package.json').version,
     seedTestData: getDataSeeding(),
-    app_url: process.env.APP_URL || "http://localhost:4010",
+    app_url: process.env.APP_URL || "http://localhost:8080",
     mail_server: process.env.MAIL_SERVER,
     mail_port: Number(process.env.MAIL_PORT) || 25,
     mail_user: process.env.MAIL_USER,

src/controllers/AuthController.ts

@@ -1,110 +1,110 @@
-import { Body, CookieParam, JsonController, Param, Post, Req, Res } from 'routing-controllers';
+import { Body, CookieParam, JsonController, Param, Post, Req, Res } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { IllegalJWTError, InvalidCredentialsError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UsernameOrEmailNeededError } from '../errors/AuthError';
+import { IllegalJWTError, InvalidCredentialsError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UsernameOrEmailNeededError } from '../errors/AuthError';
-import { UserNotFoundError } from '../errors/UserErrors';
+import { UserNotFoundError } from '../errors/UserErrors';
-import { Mailer } from '../mailer';
+import { Mailer } from '../mailer';
-import { CreateAuth } from '../models/actions/create/CreateAuth';
+import { CreateAuth } from '../models/actions/create/CreateAuth';
-import { CreateResetToken } from '../models/actions/create/CreateResetToken';
+import { CreateResetToken } from '../models/actions/create/CreateResetToken';
-import { HandleLogout } from '../models/actions/HandleLogout';
+import { HandleLogout } from '../models/actions/HandleLogout';
-import { RefreshAuth } from '../models/actions/RefreshAuth';
+import { RefreshAuth } from '../models/actions/RefreshAuth';
-import { ResetPassword } from '../models/actions/ResetPassword';
+import { ResetPassword } from '../models/actions/ResetPassword';
-import { ResponseAuth } from '../models/responses/ResponseAuth';
+import { ResponseAuth } from '../models/responses/ResponseAuth';
-import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
-import { Logout } from '../models/responses/ResponseLogout';
+import { Logout } from '../models/responses/ResponseLogout';
-
+
-@JsonController('/auth')
+@JsonController('/auth')
-export class AuthController {
+export class AuthController {
-
+
-	private mailer: Mailer;
+	private mailer: Mailer;
-
+
-	constructor() {
+	constructor() {
-		this.mailer = new Mailer();
+		this.mailer = new Mailer();
-	}
+	}
-
+
-	@Post("/login")
+	@Post("/login")
-	@ResponseSchema(ResponseAuth)
+	@ResponseSchema(ResponseAuth)
-	@ResponseSchema(InvalidCredentialsError)
+	@ResponseSchema(InvalidCredentialsError)
-	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(UsernameOrEmailNeededError)
+	@ResponseSchema(UsernameOrEmailNeededError)
-	@ResponseSchema(PasswordNeededError)
+	@ResponseSchema(PasswordNeededError)
-	@ResponseSchema(InvalidCredentialsError)
+	@ResponseSchema(InvalidCredentialsError)
-	@OpenAPI({ description: 'Login with your username/email and password. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)' })
+	@OpenAPI({ description: 'Login with your username/email and password. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)' })
-	async login(@Body({ validate: true }) createAuth: CreateAuth, @Res() response: any) {
+	async login(@Body({ validate: true }) createAuth: CreateAuth, @Res() response: any) {
-		let auth;
+		let auth;
-		try {
+		try {
-			auth = await createAuth.toAuth();
+			auth = await createAuth.toAuth();
-			response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+			response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
-			response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+			response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
-			return response.send(auth)
+			return response.send(auth)
-		} catch (error) {
+		} catch (error) {
-			throw error;
+			throw error;
-		}
+		}
-	}
+	}
-
+
-	@Post("/logout")
+	@Post("/logout")
-	@ResponseSchema(Logout)
+	@ResponseSchema(Logout)
-	@ResponseSchema(InvalidCredentialsError)
+	@ResponseSchema(InvalidCredentialsError)
-	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(UsernameOrEmailNeededError)
+	@ResponseSchema(UsernameOrEmailNeededError)
-	@ResponseSchema(PasswordNeededError)
+	@ResponseSchema(PasswordNeededError)
-	@ResponseSchema(InvalidCredentialsError)
+	@ResponseSchema(InvalidCredentialsError)
-	@OpenAPI({ description: 'Logout using your refresh token. <br> This instantly invalidates all your access and refresh tokens.', security: [{ "RefreshTokenCookie": [] }] })
+	@OpenAPI({ description: 'Logout using your refresh token. <br> This instantly invalidates all your access and refresh tokens.', security: [{ "RefreshTokenCookie": [] }] })
-	async logout(@Body({ validate: true }) handleLogout: HandleLogout, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any) {
+	async logout(@Body({ validate: true }) handleLogout: HandleLogout, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any) {
-		if (refresh_token && refresh_token.length != 0 && handleLogout.token == undefined) {
+		if (refresh_token && refresh_token.length != 0 && handleLogout.token == undefined) {
-			handleLogout.token = refresh_token;
+			handleLogout.token = refresh_token;
-		}
+		}
-
+
-		let logout;
+		let logout;
-		try {
+		try {
-			logout = await handleLogout.logout()
+			logout = await handleLogout.logout()
-			await response.cookie('lfk_backend__refresh_token', "expired", { expires: new Date(Date.now()), httpOnly: true });
+			await response.cookie('lfk_backend__refresh_token', "expired", { expires: new Date(Date.now()), httpOnly: true });
-			response.cookie('lfk_backend__refresh_token_expires_at', "expired", { expires: new Date(Date.now()), httpOnly: true });
+			response.cookie('lfk_backend__refresh_token_expires_at', "expired", { expires: new Date(Date.now()), httpOnly: true });
-		} catch (error) {
+		} catch (error) {
-			throw error;
+			throw error;
-		}
+		}
-		return response.send(logout)
+		return response.send(logout)
-	}
+	}
-
+
-	@Post("/refresh")
+	@Post("/refresh")
-	@ResponseSchema(ResponseAuth)
+	@ResponseSchema(ResponseAuth)
-	@ResponseSchema(JwtNotProvidedError)
+	@ResponseSchema(JwtNotProvidedError)
-	@ResponseSchema(IllegalJWTError)
+	@ResponseSchema(IllegalJWTError)
-	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(RefreshTokenCountInvalidError)
+	@ResponseSchema(RefreshTokenCountInvalidError)
-	@OpenAPI({ description: 'Refresh your access and refresh tokens using a valid refresh token. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)', security: [{ "RefreshTokenCookie": [] }] })
+	@OpenAPI({ description: 'Refresh your access and refresh tokens using a valid refresh token. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)', security: [{ "RefreshTokenCookie": [] }] })
-	async refresh(@Body({ validate: true }) refreshAuth: RefreshAuth, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any, @Req() req: any) {
+	async refresh(@Body({ validate: true }) refreshAuth: RefreshAuth, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any, @Req() req: any) {
-		if (refresh_token && refresh_token.length != 0 && refreshAuth.token == undefined) {
+		if (refresh_token && refresh_token.length != 0 && refreshAuth.token == undefined) {
-			refreshAuth.token = refresh_token;
+			refreshAuth.token = refresh_token;
-		}
+		}
-		let auth;
+		let auth;
-		try {
+		try {
-			auth = await refreshAuth.toAuth();
+			auth = await refreshAuth.toAuth();
-			response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+			response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
-			response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+			response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
-		} catch (error) {
+		} catch (error) {
-			throw error;
+			throw error;
-		}
+		}
-		return response.send(auth)
+		return response.send(auth)
-	}
+	}
-
+
-	@Post("/reset")
+	@Post("/reset")
-	@ResponseSchema(ResponseEmpty, { statusCode: 200 })
+	@ResponseSchema(ResponseEmpty, { statusCode: 200 })
-	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
+	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
-	@ResponseSchema(UsernameOrEmailNeededError, { statusCode: 406 })
+	@ResponseSchema(UsernameOrEmailNeededError, { statusCode: 406 })
-	@OpenAPI({ description: "Request a password reset token. <br> This will provide you with a reset token that you can use by posting to /api/auth/reset/{token}." })
+	@OpenAPI({ description: "Request a password reset token. <br> This will provide you with a reset token that you can use by posting to /api/auth/reset/{token}." })
-	async getResetToken(@Body({ validate: true }) passwordReset: CreateResetToken) {
+	async getResetToken(@Body({ validate: true }) passwordReset: CreateResetToken) {
-		const reset_token: String = await passwordReset.toResetToken();
+		const reset_token: string = await passwordReset.toResetToken();
-		await this.mailer.sendResetMail(passwordReset.email, reset_token);
+		await this.mailer.sendResetMail(passwordReset.email, reset_token);
-		return new ResponseEmpty();
+		return new ResponseEmpty();
-	}
+	}
-
+
-	@Post("/reset/:token")
+	@Post("/reset/:token")
-	@ResponseSchema(ResponseAuth)
+	@ResponseSchema(ResponseAuth)
-	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(UsernameOrEmailNeededError)
+	@ResponseSchema(UsernameOrEmailNeededError)
-	@OpenAPI({ description: "Reset a user's utilising a valid password reset token. <br> This will set the user's password to the one you provided in the body. <br> To get a reset token post to /api/auth/reset with your username." })
+	@OpenAPI({ description: "Reset a user's utilising a valid password reset token. <br> This will set the user's password to the one you provided in the body. <br> To get a reset token post to /api/auth/reset with your username." })
-	async resetPassword(@Param("token") token: string, @Body({ validate: true }) passwordReset: ResetPassword) {
+	async resetPassword(@Param("token") token: string, @Body({ validate: true }) passwordReset: ResetPassword) {
-		passwordReset.resetToken = token;
+		passwordReset.resetToken = token;
-		return await passwordReset.resetPassword();
+		return await passwordReset.resetPassword();
-	}
+	}
-}
+}

src/controllers/RunnerController.ts

@@ -32,7 +32,7 @@ export class RunnerController {
 	@OpenAPI({ description: 'Lists all runners from all teams/orgs. <br> This includes the runner\'s group and distance ran.' })
 	async getAll() {
 		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
-		const runners = await this.runnerRepository.find({ relations: ['scans', 'group', 'scans.track', 'cards'] });
+		const runners = await this.runnerRepository.find({ relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] });
 		runners.forEach(runner => {
 			responseRunners.push(new ResponseRunner(runner));
 		});
@@ -46,7 +46,7 @@ export class RunnerController {
 	@OnUndefined(RunnerNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the runner whose id got provided.' })
 	async getOne(@Param('id') id: number) {
-		let runner = await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'scans.track', 'cards'] })
+		let runner = await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] })
 		if (!runner) { throw new RunnerNotFoundError(); }
 		return new ResponseRunner(runner);
 	}
@@ -91,7 +91,7 @@ export class RunnerController {
 		}
 
 		runner = await this.runnerRepository.save(runner)
-		return new ResponseRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'scans.track', 'cards'] }));
+		return new ResponseRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] }));
 	}
 
 	@Put('/:id')
@@ -112,7 +112,7 @@ export class RunnerController {
 		}
 
 		await this.runnerRepository.save(await runner.update(oldRunner));
-		return new ResponseRunner(await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'scans.track', 'cards'] }));
+		return new ResponseRunner(await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] }));
 	}
 
 	@Delete('/:id')
@@ -125,7 +125,7 @@ export class RunnerController {
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let runner = await this.runnerRepository.findOne({ id: id });
 		if (!runner) { return null; }
-		const responseRunner = await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'scans.track', 'cards'] });
+		const responseRunner = await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] });
 
 		if (!runner) {
 			throw new RunnerNotFoundError();

src/controllers/RunnerOrganizationController.ts

@@ -58,8 +58,8 @@ export class RunnerOrganizationController {
 	async getRunners(@Param('id') id: number, @QueryParam('onlyDirect') onlyDirect: boolean) {
 		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
 		let runners: Runner[];
-		if (!onlyDirect) { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.scans', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.group', 'teams.runners.scans', 'teams.runners.scans.track'] })).allRunners; }
+		if (!onlyDirect) { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.group.parentGroup', 'runners.scans', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.group', 'teams.runners.group.parentGroup', 'teams.runners.scans', 'teams.runners.scans.track'] })).allRunners; }
-		else { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.scans', 'runners.scans.track'] })).runners; }
+		else { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.group.parentGroup', 'runners.scans', 'runners.scans.track'] })).runners; }
 		runners.forEach(runner => {
 			responseRunners.push(new ResponseRunner(runner));
 		});

src/controllers/RunnerTeamController.ts

@@ -55,7 +55,7 @@ export class RunnerTeamController {
 	@OpenAPI({ description: 'Lists all runners from this team. <br> This includes the runner\'s group and distance ran.' })
 	async getRunners(@Param('id') id: number) {
 		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
-		const runners = (await this.runnerTeamRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.scans', 'runners.scans.track'] })).runners;
+		const runners = (await this.runnerTeamRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.group.parentGroup', 'runners.scans', 'runners.scans.track'] })).runners;
 		runners.forEach(runner => {
 			responseRunners.push(new ResponseRunner(runner));
 		});

src/mailer.ts

@@ -38,8 +38,8 @@ export class Mailer {
      * @param to_address The address the mail will be sent to. Should always get pulled from a user object.
      * @param token The requested password reset token - will be combined with the app_url to generate a password reset link.
      */
-    public async sendResetMail(to_address: string, token: String) {
+    public async sendResetMail(to_address: string, token: string) {
-        const reset_link = `${config.app_url}/reset/${token}`
+        const reset_link = `${config.app_url}/reset/${(Buffer.from(token)).toString("base64")}`
         const body_html = fs.readFileSync(__dirname + '/static/mail_templates/pw-reset.html', { encoding: 'utf8' }).replace("{{reset_link}}", reset_link).replace("{{recipient_mail}}", to_address).replace("{{copyright_owner}}", "LfK!").replace("{{link_imprint}}", `${config.app_url}/imprint`).replace("{{link_privacy}}", `${config.app_url}/privacy`);
         const body_txt = fs.readFileSync(__dirname + '/static/mail_templates/pw-reset.html', { encoding: 'utf8' }).replace("{{reset_link}}", reset_link).replace("{{recipient_mail}}", to_address).replace("{{copyright_owner}}", "LfK!").replace("{{link_imprint}}", `${config.app_url}/imprint`).replace("{{link_privacy}}", `${config.app_url}/privacy`);
 

src/models/actions/create/CreateResetToken.ts

@@ -23,7 +23,7 @@ export class CreateResetToken {
     /**
      * Create a password reset token based on this.
      */
-    public async toResetToken(): Promise<any> {
+    public async toResetToken(): Promise<string> {
         if (!this.email) {
             throw new UserEmailNeededError();
         }
@@ -37,7 +37,7 @@ export class CreateResetToken {
         await getConnectionManager().get().getRepository(User).save(found_user);
 
         //Create the reset token
-        let reset_token = JwtCreator.createReset(found_user);
+        let reset_token: string = JwtCreator.createReset(found_user);
 
         return reset_token;
     }