src/userdb.js

'use strict';

exports = module.exports = {
    get: get,
    getByUsername: getByUsername,
    getByEmail: getByEmail,
    getByAccessToken: getByAccessToken,
    getByResetToken: getByResetToken,
    getOwner: getOwner,
    getAllWithGroupIds: getAllWithGroupIds,
    getAllWithGroupIdsPaged: getAllWithGroupIdsPaged,
    getAllAdmins: getAllAdmins,
    add: add,
    del: del,
    update: update,
    count: count,

    _clear: clear
};

var assert = require('assert'),
    BoxError = require('./boxerror.js'),
    database = require('./database.js'),
    debug = require('debug')('box:userdb'),
    mysql = require('mysql');

var USERS_FIELDS = [ 'id', 'username', 'email', 'fallbackEmail', 'password', 'salt', 'createdAt', 'modifiedAt', 'resetToken', 'displayName',
    'twoFactorAuthenticationEnabled', 'twoFactorAuthenticationSecret', 'admin', 'active', 'source' ].join(',');

function postProcess(result) {
    assert.strictEqual(typeof result, 'object');

    result.twoFactorAuthenticationEnabled = !!result.twoFactorAuthenticationEnabled;
    result.admin = !!result.admin;
    result.active = !!result.active;

    return result;
}

function get(userId, callback) {
    assert.strictEqual(typeof userId, 'string');
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE id = ?', [ userId ], function (error, result) {
        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));

        callback(null, postProcess(result[0]));
    });
}

function getByUsername(username, callback) {
    assert.strictEqual(typeof username, 'string');
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE username = ?', [ username ], function (error, result) {
        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));

        callback(null, postProcess(result[0]));
    });
}

function getByEmail(email, callback) {
    assert.strictEqual(typeof email, 'string');
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE email = ?', [ email ], function (error, result) {
        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));

        callback(null, postProcess(result[0]));
    });
}

function getOwner(callback) {
    assert.strictEqual(typeof callback, 'function');

    // the first created user it the 'owner'
    database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE admin=1 ORDER BY createdAt LIMIT 1', function (error, result) {
        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));

        callback(null, postProcess(result[0]));
    });
}

function getByResetToken(email, resetToken, callback) {
    assert.strictEqual(typeof email, 'string');
    assert.strictEqual(typeof resetToken, 'string');
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE email=? AND resetToken=?', [ email, resetToken ], function (error, result) {
        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));

        callback(null, postProcess(result[0]));
    });
}

function getAllWithGroupIds(callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT ' + USERS_FIELDS + ',GROUP_CONCAT(groupMembers.groupId) AS groupIds ' +
                    ' FROM users LEFT OUTER JOIN groupMembers ON users.id = groupMembers.userId ' +
                    ' GROUP BY users.id ORDER BY users.username', function (error, results) {
        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));

        results.forEach(function (result) {
            result.groupIds = result.groupIds ? result.groupIds.split(',') : [ ];
        });

        results.forEach(postProcess);

        callback(null, results);
    });
}

function getAllWithGroupIdsPaged(search, page, perPage, callback) {
    assert(typeof search === 'string' || search === null);
    assert.strictEqual(typeof page, 'number');
    assert.strictEqual(typeof perPage, 'number');
    assert.strictEqual(typeof callback, 'function');

    var query = `SELECT ${USERS_FIELDS},GROUP_CONCAT(groupMembers.groupId) AS groupIds FROM users LEFT OUTER JOIN groupMembers ON users.id = groupMembers.userId `;

    if (search) {
        query += ' WHERE ';
        query += '(LOWER(users.username) LIKE ' + mysql.escape(`%${search.toLowerCase()}%`) + ')';
        query += ' OR ';
        query += '(LOWER(users.email) LIKE ' + mysql.escape(`%${search.toLowerCase()}%`) + ')';
        query += ' OR ';
        query += '(LOWER(users.displayName) LIKE ' + mysql.escape(`%${search.toLowerCase()}%`) + ')';
    }

    query += ` GROUP BY users.id ORDER BY users.username ASC LIMIT ${(page-1)*perPage},${perPage} `;

    database.query(query, function (error, results) {
        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));

        results.forEach(function (result) {
            result.groupIds = result.groupIds ? result.groupIds.split(',') : [ ];
        });

        results.forEach(postProcess);

        callback(null, results);
    });
}

function getAllAdmins(callback) {
    assert.strictEqual(typeof callback, 'function');

    // the mailer code relies on the first object being the 'owner' (thus the ORDER)
    database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE admin=1 ORDER BY createdAt', function (error, results) {
        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));

        results.forEach(postProcess);

        callback(null, results);
    });
}

function add(userId, user, callback) {
    assert.strictEqual(typeof userId, 'string');
    assert(user.username === null || typeof user.username === 'string');
    assert.strictEqual(typeof user.password, 'string');
    assert.strictEqual(typeof user.email, 'string');
    assert.strictEqual(typeof user.fallbackEmail, 'string');
    assert.strictEqual(typeof user.salt, 'string');
    assert.strictEqual(typeof user.createdAt, 'string');
    assert.strictEqual(typeof user.modifiedAt, 'string');
    assert.strictEqual(typeof user.resetToken, 'string');
    assert.strictEqual(typeof user.displayName, 'string');
    assert.strictEqual(typeof user.admin, 'boolean');
    assert.strictEqual(typeof user.source, 'string');
    assert.strictEqual(typeof callback, 'function');

    const query = 'INSERT INTO users (id, username, password, email, fallbackEmail, salt, createdAt, modifiedAt, resetToken, displayName, admin, source) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
    const args = [ userId, user.username, user.password, user.email, user.fallbackEmail, user.salt, user.createdAt, user.modifiedAt, user.resetToken, user.displayName, user.admin, user.source ];

    database.query(query, args, function (error) {
        if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_email') !== -1) return callback(new BoxError(BoxError.ALREADY_EXISTS, 'email already exists'));
        if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_username') !== -1) return callback(new BoxError(BoxError.ALREADY_EXISTS, 'username already exists'));
        if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('PRIMARY') !== -1) return callback(new BoxError(BoxError.ALREADY_EXISTS, 'id already exists'));
        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));

        callback(null);
    });
}

function del(userId, callback) {
    assert.strictEqual(typeof userId, 'string');
    assert.strictEqual(typeof callback, 'function');

    // also cleanup the groupMembers table
    var queries = [];
    queries.push({ query: 'DELETE FROM groupMembers WHERE userId = ?', args: [ userId ] });
    queries.push({ query: 'DELETE FROM tokens WHERE identifier = ?', args: [ userId ] });
    queries.push({ query: 'DELETE FROM users WHERE id = ?', args: [ userId ] });

    database.transaction(queries, function (error, result) {
        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, error));
        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
        if (result[2].affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));

        callback(error);
    });
}

function getByAccessToken(accessToken, callback) {
    assert.strictEqual(typeof accessToken, 'string');
    assert.strictEqual(typeof callback, 'function');

    debug('getByAccessToken: ' +  accessToken);

    database.query('SELECT ' + USERS_FIELDS + ' FROM users, tokens WHERE tokens.accessToken = ?', [ accessToken ], function (error, result) {
        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));

        callback(null, postProcess(result[0]));
    });
}

function clear(callback) {
    database.query('DELETE FROM users', function (error) {
        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));

        callback(error);
    });
}

function update(userId, user, callback) {
    assert.strictEqual(typeof userId, 'string');
    assert.strictEqual(typeof user, 'object');
    assert.strictEqual(typeof callback, 'function');

    var args = [ ];
    var fields = [ ];
    for (var k in user) {
        fields.push(k + ' = ?');

        if (k === 'username') {
            assert(user.username === null || typeof user.username === 'string');
            args.push(user.username);
        } else if (k === 'email' || k === 'fallbackEmail') {
            assert.strictEqual(typeof user[k], 'string');
            args.push(user[k]);
        } else if (k === 'twoFactorAuthenticationEnabled' || k === 'admin' || k === 'active') {
            assert.strictEqual(typeof user[k], 'boolean');
            args.push(user[k] ? 1 : 0);
        } else {
            args.push(user[k]);
        }
    }
    args.push(userId);

    database.query('UPDATE users SET ' + fields.join(', ') + ' WHERE id = ?', args, function (error) {
        if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_email') !== -1) return callback(new BoxError(BoxError.ALREADY_EXISTS, 'email already exists'));
        if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_username') !== -1) return callback(new BoxError(BoxError.ALREADY_EXISTS, 'username already exists'));
        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));

        return callback(null);
    });
}

function count(callback) {
    assert.strictEqual(typeof callback, 'function');

    database.query('SELECT COUNT(*) AS total FROM users', function (error, result) {
        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));

        return callback(null, result[0].total);
    });
}
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`'use strict';`

			`exports = module.exports = {`
			`get: get,`
			`getByUsername: getByUsername,`
			`getByEmail: getByEmail,`
			`getByAccessToken: getByAccessToken,`
			`getByResetToken: getByResetToken,`
Add getOwner 2016-01-13 12:28:38 -08:00			`getOwner: getOwner,`
make all tests work after group changes 2016-02-09 09:37:12 -08:00			`getAllWithGroupIds: getAllWithGroupIds,`
Add paginated user listing on the db level 2019-01-14 16:08:55 +01:00			`getAllWithGroupIdsPaged: getAllWithGroupIdsPaged,`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`getAllAdmins: getAllAdmins,`
			`add: add,`
			`del: del,`
			`update: update,`
			`count: count,`

			`_clear: clear`
			`};`

			`var assert = require('assert'),`
Move UsersError to BoxError 2019-10-24 14:40:26 -07:00			`BoxError = require('./boxerror.js'),`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`database = require('./database.js'),`
			`debug = require('debug')('box:userdb'),`
Support username search in user listing api 2019-01-15 17:21:40 +01:00			`mysql = require('mysql');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
Make admin simply a boolean instead of group This simplifies a lot of logic. Keeping an admin group has no benefit 2018-07-26 17:17:52 -07:00			`var USERS_FIELDS = [ 'id', 'username', 'email', 'fallbackEmail', 'password', 'salt', 'createdAt', 'modifiedAt', 'resetToken', 'displayName',`
Add user source property to schema 2019-08-29 17:52:00 +02:00			`'twoFactorAuthenticationEnabled', 'twoFactorAuthenticationSecret', 'admin', 'active', 'source' ].join(',');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
Allow multiple empty usernames in the db 2016-04-05 10:54:09 +02:00			`function postProcess(result) {`
			`assert.strictEqual(typeof result, 'object');`

Handle 2fa fields in userdb code 2018-04-25 16:40:17 +02:00			`result.twoFactorAuthenticationEnabled = !!result.twoFactorAuthenticationEnabled;`
Make admin simply a boolean instead of group This simplifies a lot of logic. Keeping an admin group has no benefit 2018-07-26 17:17:52 -07:00			`result.admin = !!result.admin;`
Add user enable/disable flag 2019-08-08 05:45:56 -07:00			`result.active = !!result.active;`
Handle 2fa fields in userdb code 2018-04-25 16:40:17 +02:00
Allow multiple empty usernames in the db 2016-04-05 10:54:09 +02:00			`return result;`
			`}`

app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`function get(userId, callback) {`
			`assert.strictEqual(typeof userId, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

			`database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE id = ?', [ userId ], function (error, result) {`
Move UsersError to BoxError 2019-10-24 14:40:26 -07:00			`if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));`
Not found messages at the db level 2019-10-24 20:48:38 -07:00			`if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
Allow multiple empty usernames in the db 2016-04-05 10:54:09 +02:00			`callback(null, postProcess(result[0]));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`
			`}`

			`function getByUsername(username, callback) {`
			`assert.strictEqual(typeof username, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

Move username and email lowercasing to where it belongs Fixes #592 2016-04-14 16:25:46 +02:00			`database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE username = ?', [ username ], function (error, result) {`
Move UsersError to BoxError 2019-10-24 14:40:26 -07:00			`if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));`
Not found messages at the db level 2019-10-24 20:48:38 -07:00			`if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));`
Actually query by username instead of just delegate to get() in getByUsername() 2016-04-01 21:43:48 +02:00
Allow multiple empty usernames in the db 2016-04-05 10:54:09 +02:00			`callback(null, postProcess(result[0]));`
Actually query by username instead of just delegate to get() in getByUsername() 2016-04-01 21:43:48 +02:00			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`}`

			`function getByEmail(email, callback) {`
			`assert.strictEqual(typeof email, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

Move username and email lowercasing to where it belongs Fixes #592 2016-04-14 16:25:46 +02:00			`database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE email = ?', [ email ], function (error, result) {`
Move UsersError to BoxError 2019-10-24 14:40:26 -07:00			`if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));`
Not found messages at the db level 2019-10-24 20:48:38 -07:00			`if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
Allow multiple empty usernames in the db 2016-04-05 10:54:09 +02:00			`callback(null, postProcess(result[0]));`
Add getOwner 2016-01-13 12:28:38 -08:00			`});`
			`}`

			`function getOwner(callback) {`
			`assert.strictEqual(typeof callback, 'function');`

Instead of appstore account, include owner alternate email 2017-11-02 14:35:16 -07:00			`// the first created user it the 'owner'`
Make admin simply a boolean instead of group This simplifies a lot of logic. Keeping an admin group has no benefit 2018-07-26 17:17:52 -07:00			`database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE admin=1 ORDER BY createdAt LIMIT 1', function (error, result) {`
Move UsersError to BoxError 2019-10-24 14:40:26 -07:00			`if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));`
Not found messages at the db level 2019-10-24 20:48:38 -07:00			`if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));`
Add getOwner 2016-01-13 12:28:38 -08:00
lint 2018-10-29 14:11:43 -07:00			`callback(null, postProcess(result[0]));`
			`});`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`}`

Add email query param to reset code path This reduces any attack surface 2018-06-12 17:22:41 -07:00			`function getByResetToken(email, resetToken, callback) {`
			`assert.strictEqual(typeof email, 'string');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`assert.strictEqual(typeof resetToken, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

Add email query param to reset code path This reduces any attack surface 2018-06-12 17:22:41 -07:00			`database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE email=? AND resetToken=?', [ email, resetToken ], function (error, result) {`
Move UsersError to BoxError 2019-10-24 14:40:26 -07:00			`if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));`
Not found messages at the db level 2019-10-24 20:48:38 -07:00			`if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
Allow multiple empty usernames in the db 2016-04-05 10:54:09 +02:00			`callback(null, postProcess(result[0]));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`
			`}`

make all tests work after group changes 2016-02-09 09:37:12 -08:00			`function getAllWithGroupIds(callback) {`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`assert.strictEqual(typeof callback, 'function');`

fix ldap test 2016-02-09 08:52:16 -08:00			`database.query('SELECT ' + USERS_FIELDS + ',GROUP_CONCAT(groupMembers.groupId) AS groupIds ' +`
			`' FROM users LEFT OUTER JOIN groupMembers ON users.id = groupMembers.userId ' +`
order for predictable tests 2016-04-06 09:08:59 -07:00			`' GROUP BY users.id ORDER BY users.username', function (error, results) {`
Move UsersError to BoxError 2019-10-24 14:40:26 -07:00			`if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));`
Add paginated user listing on the db level 2019-01-14 16:08:55 +01:00
			`results.forEach(function (result) {`
			`result.groupIds = result.groupIds ? result.groupIds.split(',') : [ ];`
			`});`

			`results.forEach(postProcess);`

			`callback(null, results);`
			`});`
			`}`

Support username search in user listing api 2019-01-15 17:21:40 +01:00			`function getAllWithGroupIdsPaged(search, page, perPage, callback) {`
			`assert(typeof search === 'string' \|\| search === null);`
Add paginated user listing on the db level 2019-01-14 16:08:55 +01:00			`assert.strictEqual(typeof page, 'number');`
			`assert.strictEqual(typeof perPage, 'number');`
			`assert.strictEqual(typeof callback, 'function');`

Support username search in user listing api 2019-01-15 17:21:40 +01:00			var query = `SELECT ${USERS_FIELDS},GROUP_CONCAT(groupMembers.groupId) AS groupIds FROM users LEFT OUTER JOIN groupMembers ON users.id = groupMembers.userId `;

WIP 2019-08-13 15:16:17 +02:00			`if (search) {`
			`query += ' WHERE ';`
Add more fuzzy user search Fixes #646 2019-08-13 15:23:22 +02:00			query += '(LOWER(users.username) LIKE ' + mysql.escape(`%${search.toLowerCase()}%`) + ')';
WIP 2019-08-13 15:16:17 +02:00			`query += ' OR ';`
Add more fuzzy user search Fixes #646 2019-08-13 15:23:22 +02:00			query += '(LOWER(users.email) LIKE ' + mysql.escape(`%${search.toLowerCase()}%`) + ')';
WIP 2019-08-13 15:16:17 +02:00			`query += ' OR ';`
Add more fuzzy user search Fixes #646 2019-08-13 15:23:22 +02:00			query += '(LOWER(users.displayName) LIKE ' + mysql.escape(`%${search.toLowerCase()}%`) + ')';
WIP 2019-08-13 15:16:17 +02:00			`}`
Support username search in user listing api 2019-01-15 17:21:40 +01:00
			query += ` GROUP BY users.id ORDER BY users.username ASC LIMIT ${(page-1)*perPage},${perPage} `;
Add paginated user listing on the db level 2019-01-14 16:08:55 +01:00
			`database.query(query, function (error, results) {`
Move UsersError to BoxError 2019-10-24 14:40:26 -07:00			`if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
fix ldap test 2016-02-09 08:52:16 -08:00			`results.forEach(function (result) {`
			`result.groupIds = result.groupIds ? result.groupIds.split(',') : [ ];`
			`});`

Allow multiple empty usernames in the db 2016-04-05 10:54:09 +02:00			`results.forEach(postProcess);`

app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`callback(null, results);`
			`});`
			`}`

			`function getAllAdmins(callback) {`
			`assert.strictEqual(typeof callback, 'function');`

Instead of appstore account, include owner alternate email 2017-11-02 14:35:16 -07:00			`// the mailer code relies on the first object being the 'owner' (thus the ORDER)`
Make admin simply a boolean instead of group This simplifies a lot of logic. Keeping an admin group has no benefit 2018-07-26 17:17:52 -07:00			`database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE admin=1 ORDER BY createdAt', function (error, results) {`
Move UsersError to BoxError 2019-10-24 14:40:26 -07:00			`if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
Allow multiple empty usernames in the db 2016-04-05 10:54:09 +02:00			`results.forEach(postProcess);`

app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`callback(null, results);`
			`});`
			`}`

			`function add(userId, user, callback) {`
			`assert.strictEqual(typeof userId, 'string');`
Allow usernames and groupnames of length 1 Fixes #204 2017-02-02 00:23:11 -08:00			`assert(user.username === null \|\| typeof user.username === 'string');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`assert.strictEqual(typeof user.password, 'string');`
			`assert.strictEqual(typeof user.email, 'string');`
Add fallbackEmail to user data model 2018-01-21 14:25:39 +01:00			`assert.strictEqual(typeof user.fallbackEmail, 'string');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`assert.strictEqual(typeof user.salt, 'string');`
			`assert.strictEqual(typeof user.createdAt, 'string');`
			`assert.strictEqual(typeof user.modifiedAt, 'string');`
			`assert.strictEqual(typeof user.resetToken, 'string');`
Use displayName in userdb 2016-01-19 12:39:54 +01:00			`assert.strictEqual(typeof user.displayName, 'string');`
Make admin simply a boolean instead of group This simplifies a lot of logic. Keeping an admin group has no benefit 2018-07-26 17:17:52 -07:00			`assert.strictEqual(typeof user.admin, 'boolean');`
Create and update users from external ldap 2019-08-29 22:15:48 +02:00			`assert.strictEqual(typeof user.source, 'string');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`assert.strictEqual(typeof callback, 'function');`

Create and update users from external ldap 2019-08-29 22:15:48 +02:00			`const query = 'INSERT INTO users (id, username, password, email, fallbackEmail, salt, createdAt, modifiedAt, resetToken, displayName, admin, source) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';`
			`const args = [ userId, user.username, user.password, user.email, user.fallbackEmail, user.salt, user.createdAt, user.modifiedAt, user.resetToken, user.displayName, user.admin, user.source ];`
add/del/update user mailbox as part of transaction 2017-02-14 10:42:32 -08:00
Parse sql error message to deliver correct conflict errors 2018-01-26 17:56:07 +01:00			`database.query(query, args, function (error) {`
Move UsersError to BoxError 2019-10-24 14:40:26 -07:00			`if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_email') !== -1) return callback(new BoxError(BoxError.ALREADY_EXISTS, 'email already exists'));`
			`if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_username') !== -1) return callback(new BoxError(BoxError.ALREADY_EXISTS, 'username already exists'));`
			`if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('PRIMARY') !== -1) return callback(new BoxError(BoxError.ALREADY_EXISTS, 'id already exists'));`
			`if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
			`callback(null);`
			`});`
			`}`

			`function del(userId, callback) {`
			`assert.strictEqual(typeof userId, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

Ensure we can delete users which belong to a group 2016-02-11 12:02:35 +01:00			`// also cleanup the groupMembers table`
			`var queries = [];`
Check if user deletion actually affected a row 2016-02-11 12:07:43 +01:00			`queries.push({ query: 'DELETE FROM groupMembers WHERE userId = ?', args: [ userId ] });`
remove all user tokens when user is deleted 2018-08-27 13:58:02 -07:00			`queries.push({ query: 'DELETE FROM tokens WHERE identifier = ?', args: [ userId ] });`
Ensure we can delete users which belong to a group 2016-02-11 12:02:35 +01:00			`queries.push({ query: 'DELETE FROM users WHERE id = ?', args: [ userId ] });`

Check if user deletion actually affected a row 2016-02-11 12:07:43 +01:00			`database.transaction(queries, function (error, result) {`
Move UsersError to BoxError 2019-10-24 14:40:26 -07:00			`if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, error));`
			`if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));`
Not found messages at the db level 2019-10-24 20:48:38 -07:00			`if (result[2].affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
			`callback(error);`
			`});`
			`}`

			`function getByAccessToken(accessToken, callback) {`
			`assert.strictEqual(typeof accessToken, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

			`debug('getByAccessToken: ' + accessToken);`

			`database.query('SELECT ' + USERS_FIELDS + ' FROM users, tokens WHERE tokens.accessToken = ?', [ accessToken ], function (error, result) {`
Move UsersError to BoxError 2019-10-24 14:40:26 -07:00			`if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));`
Not found messages at the db level 2019-10-24 20:48:38 -07:00			`if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
Allow multiple empty usernames in the db 2016-04-05 10:54:09 +02:00			`callback(null, postProcess(result[0]));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`});`
			`}`

			`function clear(callback) {`
			`database.query('DELETE FROM users', function (error) {`
Move UsersError to BoxError 2019-10-24 14:40:26 -07:00			`if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
			`callback(error);`
			`});`
			`}`

			`function update(userId, user, callback) {`
			`assert.strictEqual(typeof userId, 'string');`
			`assert.strictEqual(typeof user, 'object');`
			`assert.strictEqual(typeof callback, 'function');`

			`var args = [ ];`
			`var fields = [ ];`
			`for (var k in user) {`
			`fields.push(k + ' = ?');`
Allow multiple empty usernames in the db 2016-04-05 10:54:09 +02:00
			`if (k === 'username') {`
Allow usernames and groupnames of length 1 Fixes #204 2017-02-02 00:23:11 -08:00			`assert(user.username === null \|\| typeof user.username === 'string');`
			`args.push(user.username);`
Refactor a bit 2018-07-26 15:35:41 -07:00			`} else if (k === 'email' \|\| k === 'fallbackEmail') {`
			`assert.strictEqual(typeof user[k], 'string');`
			`args.push(user[k]);`
Add user enable/disable flag 2019-08-08 05:45:56 -07:00			`} else if (k === 'twoFactorAuthenticationEnabled' \|\| k === 'admin' \|\| k === 'active') {`
Refactor a bit 2018-07-26 15:35:41 -07:00			`assert.strictEqual(typeof user[k], 'boolean');`
			`args.push(user[k] ? 1 : 0);`
Allow multiple empty usernames in the db 2016-04-05 10:54:09 +02:00			`} else {`
			`args.push(user[k]);`
			`}`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`}`
			`args.push(userId);`

Do not automatically create mailboxes for users 2018-01-24 12:56:12 +01:00			`database.query('UPDATE users SET ' + fields.join(', ') + ' WHERE id = ?', args, function (error) {`
Move UsersError to BoxError 2019-10-24 14:40:26 -07:00			`if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_email') !== -1) return callback(new BoxError(BoxError.ALREADY_EXISTS, 'email already exists'));`
			`if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_username') !== -1) return callback(new BoxError(BoxError.ALREADY_EXISTS, 'username already exists'));`
			`if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
			`return callback(null);`
			`});`
			`}`

			`function count(callback) {`
			`assert.strictEqual(typeof callback, 'function');`

			`database.query('SELECT COUNT(*) AS total FROM users', function (error, result) {`
Move UsersError to BoxError 2019-10-24 14:40:26 -07:00			`if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
			`return callback(null, result[0].total);`
			`});`
			`}`