src/routes/user.js

'use strict';

exports = module.exports = {
    get: get,
    update: update,
    list: list,
    create: create,
    remove: remove,
    verifyPassword: verifyPassword,
    requireAdmin: requireAdmin,
    sendInvite: sendInvite,
    setGroups: setGroups
};

var assert = require('assert'),
    clients = require('../clients.js'),
    generatePassword = require('../password.js').generate,
    groups = require('../groups.js'),
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess,
    oauth2 = require('./oauth2.js'),
    user = require('../user.js'),
    tokendb = require('../tokendb.js'),
    UserError = user.UserError,
    _ = require('underscore');

function auditSource(req) {
    var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress || null;
    return { ip: ip, username: req.user ? req.user.username : null, userId: req.user ? req.user.id : null };
}

function create(req, res, next) {
    assert.strictEqual(typeof req.body, 'object');

    if (typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));
    if (typeof req.body.invite !== 'boolean') return next(new HttpError(400, 'invite must be boolean'));
    if ('username' in req.body && typeof req.body.username !== 'string') return next(new HttpError(400, 'username must be string'));
    if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));

    var password = generatePassword();
    var email = req.body.email;
    var sendInvite = req.body.invite;
    var username = req.body.username || '';
    var displayName = req.body.displayName || '';

    user.create(username, password, email, displayName, auditSource(req), { invitor: req.user, sendInvite: sendInvite }, function (error, user) {
        if (error && error.reason === UserError.BAD_FIELD) return next(new HttpError(400, error.message));
        if (error && error.reason === UserError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
        if (error) return next(new HttpError(500, error));

        var userInfo = {
            id: user.id,
            username: user.username,
            displayName: user.displayName,
            email: user.email,
            admin: user.admin,
            groupIds: [ ],
            resetToken: user.resetToken
        };

        next(new HttpSuccess(201, userInfo ));
    });
}

function update(req, res, next) {
    assert.strictEqual(typeof req.params.userId, 'string');
    assert.strictEqual(typeof req.user, 'object');
    assert.strictEqual(typeof req.body, 'object');

    if ('email' in req.body && typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));
    if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));
    if ('username' in req.body && typeof req.body.username !== 'string') return next(new HttpError(400, 'username must be a string'));

    if (req.user.id !== req.params.userId && !req.user.admin) return next(new HttpError(403, 'Not allowed'));

    user.update(req.params.userId, req.body, auditSource(req), function (error) {
        if (error && error.reason === UserError.BAD_FIELD) return next(new HttpError(400, error.message));
        if (error && error.reason === UserError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
        if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(204));
    });
}

function list(req, res, next) {
    user.list(function (error, results) {
        if (error) return next(new HttpError(500, error));

        var users = results.map(function (result) {
            return _.pick(result, 'id', 'username', 'email', 'displayName', 'groupIds', 'admin');
        });

        next(new HttpSuccess(200, { users: users }));
    });
}

function get(req, res, next) {
    assert.strictEqual(typeof req.params.userId, 'string');
    assert.strictEqual(typeof req.user, 'object');

    if (req.user.id !== req.params.userId && !req.user.admin) return next(new HttpError(403, 'Not allowed'));

    user.get(req.params.userId, function (error, result) {
        if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'No such user'));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(200, {
            id: result.id,
            username: result.username,
            displayName: result.displayName,
            email: result.email,
            admin: result.admin,
            groupIds: result.groupIds
        }));
    });
}

function remove(req, res, next) {
    assert.strictEqual(typeof req.params.userId, 'string');

    // rules:
    // - admin can remove any user
    // - admin cannot remove admin
    // - user cannot remove himself <- TODO should this actually work?

    if (req.user.id === req.params.userId) return next(new HttpError(403, 'Not allowed to remove yourself.'));

    user.remove(req.params.userId, auditSource(req), function (error) {
        if (error && error.reason === UserError.BAD_FIELD) return next(new HttpError(400, error.message));
        if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'No such user'));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(204));
    });
}

function verifyPassword(req, res, next) {
    assert.strictEqual(typeof req.body, 'object');

    // using an 'sdk' token we skip password checks
    var error = oauth2.validateRequestedScopes(req, [ clients.SCOPE_ROLE_SDK ]);
    if (!error) return next();

    if (typeof req.body.password !== 'string') return next(new HttpError(400, 'API call requires user password'));

    user.verifyWithUsername(req.user.username, req.body.password, function (error) {
        if (error && error.reason === UserError.WRONG_PASSWORD) return next(new HttpError(403, 'Password incorrect'));
        if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(403, 'Password incorrect'));
        if (error) return next(new HttpError(500, error));

        next();
    });
}

/*
    Middleware which makes the route only accessable for the admin user.
*/
function requireAdmin(req, res, next) {
    assert.strictEqual(typeof req.user, 'object');

    if (!req.user.admin) return next(new HttpError(403, 'API call requires admin rights.'));

    next();
}

function sendInvite(req, res, next) {
    assert.strictEqual(typeof req.params.userId, 'string');

    user.sendInvite(req.params.userId, function (error, result) {
        if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(200, { resetToken: result }));
    });
}

function setGroups(req, res, next) {
    assert.strictEqual(typeof req.body, 'object');
    assert.strictEqual(typeof req.params.userId, 'string');

    if (!Array.isArray(req.body.groupIds)) return next(new HttpError(400, 'API call requires a groups array.'));

    // this route is only allowed for admins, so req.user has to be an admin
    if (req.user.id === req.params.userId && req.body.groupIds.indexOf(groups.ADMIN_GROUP_ID) === -1) return next(new HttpError(403, 'Admin removing itself from admins is not allowed'));

    user.setGroups(req.params.userId, req.body.groupIds, function (error) {
        if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'One or more groups not found'));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(204));
    });
}
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`'use strict';`

			`exports = module.exports = {`
remove unused user route functions 2016-04-17 18:27:11 +02:00			`get: get,`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`update: update,`
remove unused user route functions 2016-04-17 18:27:11 +02:00			`list: list,`
			`create: create,`
			`remove: remove,`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`verifyPassword: verifyPassword,`
Add send invite route 2016-01-18 15:37:03 +01:00			`requireAdmin: requireAdmin,`
Add route to set the users groups 2016-02-09 15:47:02 -08:00			`sendInvite: sendInvite,`
			`setGroups: setGroups`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`};`

			`var assert = require('assert'),`
Allow tokens with SCOPE_ROLE_SDK through without a password 2016-06-03 11:10:59 +02:00			`clients = require('../clients.js'),`
Move password generation into separate file and ensure we generate strong passwords 2016-01-20 15:33:11 +01:00			`generatePassword = require('../password.js').generate,`
make all tests work after group changes 2016-02-09 09:37:12 -08:00			`groups = require('../groups.js'),`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`HttpError = require('connect-lastmile').HttpError,`
			`HttpSuccess = require('connect-lastmile').HttpSuccess,`
Check for sdk token instead of token type DEV 2016-06-03 10:17:52 +02:00			`oauth2 = require('./oauth2.js'),`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`user = require('../user.js'),`
			`tokendb = require('../tokendb.js'),`
filter out correct fields in the route code 2016-06-03 00:04:17 -07:00			`UserError = user.UserError,`
			`_ = require('underscore');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
make user.create take auditSource 2016-05-01 20:01:34 -07:00			`function auditSource(req) {`
			`var ip = req.headers['x-forwarded-for'] \|\| req.connection.remoteAddress \|\| null;`
			`return { ip: ip, username: req.user ? req.user.username : null, userId: req.user ? req.user.id : null };`
			`}`

remove unused user route functions 2016-04-17 18:27:11 +02:00			`function create(req, res, next) {`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`assert.strictEqual(typeof req.body, 'object');`

			`if (typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));`
Change user creation api to require the invite flag 2016-01-18 16:53:51 +01:00			`if (typeof req.body.invite !== 'boolean') return next(new HttpError(400, 'invite must be boolean'));`
Do not require a username to be present when creating a user 2016-04-01 16:48:50 +02:00			`if ('username' in req.body && typeof req.body.username !== 'string') return next(new HttpError(400, 'username must be string'));`
Fix typo 2016-01-20 00:05:06 -08:00			`if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
Move password generation into separate file and ensure we generate strong passwords 2016-01-20 15:33:11 +01:00			`var password = generatePassword();`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`var email = req.body.email;`
Change user creation api to require the invite flag 2016-01-18 16:53:51 +01:00			`var sendInvite = req.body.invite;`
Do not require a username to be present when creating a user 2016-04-01 16:48:50 +02:00			`var username = req.body.username \|\| '';`
Add displayName to create user and activate routes 2016-01-19 23:34:49 -08:00			`var displayName = req.body.displayName \|\| '';`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
make user.create take auditSource 2016-05-01 20:01:34 -07:00			`user.create(username, password, email, displayName, auditSource(req), { invitor: req.user, sendInvite: sendInvite }, function (error, user) {`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error && error.reason === UserError.BAD_FIELD) return next(new HttpError(400, error.message));`
Report user conflict message all the way through the rest routes 2016-06-02 15:41:07 +02:00			`if (error && error.reason === UserError.ALREADY_EXISTS) return next(new HttpError(409, error.message));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error) return next(new HttpError(500, error));`

			`var userInfo = {`
			`id: user.id,`
			`username: user.username,`
Do not require a username to be present when creating a user 2016-04-01 16:48:50 +02:00			`displayName: user.displayName,`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`email: user.email,`
			`admin: user.admin,`
return empty groupIds 2016-05-31 11:49:59 -07:00			`groupIds: [ ],`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`resetToken: user.resetToken`
			`};`

fix user create response 2016-04-06 10:20:32 -07:00			`next(new HttpSuccess(201, userInfo ));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`
			`}`

			`function update(req, res, next) {`
Ensure we actually update the correct user, not the user holding the token 2016-01-25 14:58:02 +01:00			`assert.strictEqual(typeof req.params.userId, 'string');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`assert.strictEqual(typeof req.user, 'object');`
			`assert.strictEqual(typeof req.body, 'object');`

Make email in user change optional 2016-01-25 14:12:09 +01:00			`if ('email' in req.body && typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));`
Support changing the displayName 2016-01-25 14:08:11 +01:00			`if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));`
user.update does not need the user object 2016-06-02 23:53:06 -07:00			`if ('username' in req.body && typeof req.body.username !== 'string') return next(new HttpError(400, 'username must be a string'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
Do not require password for user profile changes 2016-02-25 14:03:42 +01:00			`if (req.user.id !== req.params.userId && !req.user.admin) return next(new HttpError(403, 'Not allowed'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
user.update does not need the user object 2016-06-02 23:53:06 -07:00			`user.update(req.params.userId, req.body, auditSource(req), function (error) {`
			`if (error && error.reason === UserError.BAD_FIELD) return next(new HttpError(400, error.message));`
			`if (error && error.reason === UserError.ALREADY_EXISTS) return next(new HttpError(409, error.message));`
			`if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'User not found'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error) return next(new HttpError(500, error));`

user.update does not need the user object 2016-06-02 23:53:06 -07:00			`next(new HttpSuccess(204));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`
			`}`

remove unused user route functions 2016-04-17 18:27:11 +02:00			`function list(req, res, next) {`
filter out correct fields in the route code 2016-06-03 00:04:17 -07:00			`user.list(function (error, results) {`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error) return next(new HttpError(500, error));`
filter out correct fields in the route code 2016-06-03 00:04:17 -07:00
			`var users = results.map(function (result) {`
			`return _.pick(result, 'id', 'username', 'email', 'displayName', 'groupIds', 'admin');`
			`});`

			`next(new HttpSuccess(200, { users: users }));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`
			`}`

remove unused user route functions 2016-04-17 18:27:11 +02:00			`function get(req, res, next) {`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`assert.strictEqual(typeof req.params.userId, 'string');`
Do not require password for user profile changes 2016-02-25 14:03:42 +01:00			`assert.strictEqual(typeof req.user, 'object');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
Allow user details only for the same user or admins 2016-02-25 13:44:53 +01:00			`if (req.user.id !== req.params.userId && !req.user.admin) return next(new HttpError(403, 'Not allowed'));`

app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`user.get(req.params.userId, function (error, result) {`
			`if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'No such user'));`
			`if (error) return next(new HttpError(500, error));`

return groupIds in get user route 2016-06-03 00:00:11 -07:00			`next(new HttpSuccess(200, {`
			`id: result.id,`
			`username: result.username,`
			`displayName: result.displayName,`
			`email: result.email,`
			`admin: result.admin,`
			`groupIds: result.groupIds`
			`}));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`
			`}`

remove unused user route functions 2016-04-17 18:27:11 +02:00			`function remove(req, res, next) {`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`assert.strictEqual(typeof req.params.userId, 'string');`

			`// rules:`
			`// - admin can remove any user`
			`// - admin cannot remove admin`
			`// - user cannot remove himself <- TODO should this actually work?`

			`if (req.user.id === req.params.userId) return next(new HttpError(403, 'Not allowed to remove yourself.'));`

move logic to model code 2016-06-02 22:25:48 -07:00			`user.remove(req.params.userId, auditSource(req), function (error) {`
disallow certain actions in demo mode * Cannot change password * Cannot delete user * Cannot migrate domain or change plan Fixes #20 2016-08-31 21:20:48 -07:00			`if (error && error.reason === UserError.BAD_FIELD) return next(new HttpError(400, error.message));`
Send full user information on deletion, not just the uuid 2016-04-03 01:41:47 +02:00			`if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'No such user'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error) return next(new HttpError(500, error));`

move logic to model code 2016-06-02 22:25:48 -07:00			`next(new HttpSuccess(204));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`
			`}`

			`function verifyPassword(req, res, next) {`
			`assert.strictEqual(typeof req.body, 'object');`

Check for sdk token instead of token type DEV 2016-06-03 10:17:52 +02:00			`// using an 'sdk' token we skip password checks`
Allow tokens with SCOPE_ROLE_SDK through without a password 2016-06-03 11:10:59 +02:00			`var error = oauth2.validateRequestedScopes(req, [ clients.SCOPE_ROLE_SDK ]);`
Check for sdk token instead of token type DEV 2016-06-03 10:17:52 +02:00			`if (!error) return next();`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
			`if (typeof req.body.password !== 'string') return next(new HttpError(400, 'API call requires user password'));`

Simplify the password change logic We now can use verifyPassword and this makes user.changePassword() route obsolete 2016-04-17 19:17:01 +02:00			`user.verifyWithUsername(req.user.username, req.body.password, function (error) {`
			`if (error && error.reason === UserError.WRONG_PASSWORD) return next(new HttpError(403, 'Password incorrect'));`
			`if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(403, 'Password incorrect'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error) return next(new HttpError(500, error));`

Simplify the password change logic We now can use verifyPassword and this makes user.changePassword() route obsolete 2016-04-17 19:17:01 +02:00			`next();`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`
			`}`

			`/*`
			`Middleware which makes the route only accessable for the admin user.`
			`*/`
			`function requireAdmin(req, res, next) {`
			`assert.strictEqual(typeof req.user, 'object');`

Just check for .admin flag in the user object 2016-02-25 11:42:25 +01:00			`if (!req.user.admin) return next(new HttpError(403, 'API call requires admin rights.'));`
make all tests work after group changes 2016-02-09 09:37:12 -08:00
Just check for .admin flag in the user object 2016-02-25 11:42:25 +01:00			`next();`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`}`

Add send invite route 2016-01-18 15:37:03 +01:00			`function sendInvite(req, res, next) {`
			`assert.strictEqual(typeof req.params.userId, 'string');`

Deliver the resetToken when an invite was sent 2016-04-04 18:14:07 +02:00			`user.sendInvite(req.params.userId, function (error, result) {`
Add send invite route 2016-01-18 15:37:03 +01:00			`if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'User not found'));`
			`if (error) return next(new HttpError(500, error));`

Deliver the resetToken when an invite was sent 2016-04-04 18:14:07 +02:00			`next(new HttpSuccess(200, { resetToken: result }));`
Add send invite route 2016-01-18 15:37:03 +01:00			`});`
			`}`
Add route to set the users groups 2016-02-09 15:47:02 -08:00
			`function setGroups(req, res, next) {`
			`assert.strictEqual(typeof req.body, 'object');`
			`assert.strictEqual(typeof req.params.userId, 'string');`

			`if (!Array.isArray(req.body.groupIds)) return next(new HttpError(400, 'API call requires a groups array.'));`

Do not allow an admin remove itself from admins group 2016-02-11 11:29:04 +01:00			`// this route is only allowed for admins, so req.user has to be an admin`
			`if (req.user.id === req.params.userId && req.body.groupIds.indexOf(groups.ADMIN_GROUP_ID) === -1) return next(new HttpError(403, 'Admin removing itself from admins is not allowed'));`

Add route to set the users groups 2016-02-09 15:47:02 -08:00			`user.setGroups(req.params.userId, req.body.groupIds, function (error) {`
			`if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'One or more groups not found'));`
			`if (error) return next(new HttpError(500, error));`

			`next(new HttpSuccess(204));`
			`});`
			`}`