Move UsersError to BoxError
This commit is contained in:
Girish Ramakrishnan
@@ -18,8 +18,7 @@ var accesscontrol = require('../accesscontrol.js'),
|
||||
HttpError = require('connect-lastmile').HttpError,
|
||||
LocalStrategy = require('passport-local').Strategy,
|
||||
passport = require('passport'),
|
||||
users = require('../users.js'),
|
||||
UsersError = users.UsersError;
|
||||
users = require('../users.js');
|
||||
|
||||
function initialize(callback) {
|
||||
assert.strictEqual(typeof callback, 'function');
|
||||
@@ -42,16 +41,16 @@ function initialize(callback) {
|
||||
passport.use(new LocalStrategy(function (username, password, callback) {
|
||||
if (username.indexOf('@') === -1) {
|
||||
users.verifyWithUsername(username, password, function (error, result) {
|
||||
if (error && error.reason === UsersError.NOT_FOUND) return callback(null, false);
|
||||
if (error && error.reason === UsersError.WRONG_PASSWORD) return callback(null, false);
|
||||
if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
|
||||
if (error && error.reason === BoxError.INVALID_CREDENTIALS) return callback(null, false);
|
||||
if (error) return callback(error);
|
||||
if (!result) return callback(null, false);
|
||||
callback(null, result);
|
||||
});
|
||||
} else {
|
||||
users.verifyWithEmail(username, password, function (error, result) {
|
||||
if (error && error.reason === UsersError.NOT_FOUND) return callback(null, false);
|
||||
if (error && error.reason === UsersError.WRONG_PASSWORD) return callback(null, false);
|
||||
if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
|
||||
if (error && error.reason === BoxError.INVALID_CREDENTIALS) return callback(null, false);
|
||||
if (error) return callback(error);
|
||||
if (!result) return callback(null, false);
|
||||
callback(null, result);
|
||||
|
||||
+23
-14
@@ -11,12 +11,30 @@ exports = module.exports = {
|
||||
|
||||
var assert = require('assert'),
|
||||
auditSource = require('../auditsource.js'),
|
||||
BoxError = require('../boxerror.js'),
|
||||
HttpError = require('connect-lastmile').HttpError,
|
||||
HttpSuccess = require('connect-lastmile').HttpSuccess,
|
||||
users = require('../users.js'),
|
||||
UsersError = users.UsersError,
|
||||
_ = require('underscore');
|
||||
|
||||
function toHttpError(error) {
|
||||
switch (error.reason) {
|
||||
case BoxError.NOT_FOUND:
|
||||
return new HttpError(404, error);
|
||||
case BoxError.ALREADY_EXISTS:
|
||||
return new HttpError(409, error);
|
||||
case BoxError.BAD_FIELD:
|
||||
return new HttpError(400, error);
|
||||
case BoxError.EXTERNAL_ERROR:
|
||||
return new HttpError(424, error);
|
||||
case BoxError.INVALID_CREDENTIALS:
|
||||
return new HttpError(412, error);
|
||||
case BoxError.INTERNAL_ERROR:
|
||||
default:
|
||||
return new HttpError(500, error);
|
||||
}
|
||||
}
|
||||
|
||||
function get(req, res, next) {
|
||||
assert.strictEqual(typeof req.user, 'object');
|
||||
|
||||
@@ -43,10 +61,7 @@ function update(req, res, next) {
|
||||
var data = _.pick(req.body, 'email', 'fallbackEmail', 'displayName');
|
||||
|
||||
users.update(req.user.id, data, auditSource.fromRequest(req), function (error) {
|
||||
if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
|
||||
if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
|
||||
if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
|
||||
if (error) return next(new HttpError(500, error));
|
||||
if (error) return next(toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(204));
|
||||
});
|
||||
@@ -59,9 +74,7 @@ function changePassword(req, res, next) {
|
||||
if (typeof req.body.newPassword !== 'string') return next(new HttpError(400, 'newPassword must be a string'));
|
||||
|
||||
users.setPassword(req.user.id, req.body.newPassword, function (error) {
|
||||
if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
|
||||
if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
|
||||
if (error) return next(new HttpError(500, error));
|
||||
if (error) return next(toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(204));
|
||||
});
|
||||
@@ -71,8 +84,7 @@ function setTwoFactorAuthenticationSecret(req, res, next) {
|
||||
assert.strictEqual(typeof req.user, 'object');
|
||||
|
||||
users.setTwoFactorAuthenticationSecret(req.user.id, function (error, result) {
|
||||
if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, 'TwoFactor Authentication is enabled, disable first'));
|
||||
if (error) return next(new HttpError(500, error));
|
||||
if (error) return next(toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(201, { secret: result.secret, qrcode: result.qrcode }));
|
||||
});
|
||||
@@ -85,10 +97,7 @@ function enableTwoFactorAuthentication(req, res, next) {
|
||||
if (!req.body.totpToken || typeof req.body.totpToken !== 'string') return next(new HttpError(400, 'totpToken must be a nonempty string'));
|
||||
|
||||
users.enableTwoFactorAuthentication(req.user.id, req.body.totpToken, function (error) {
|
||||
if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
|
||||
if (error && error.reason === UsersError.BAD_TOKEN) return next(new HttpError(412, 'Invalid token'));
|
||||
if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, 'TwoFactor Authentication is already enabled'));
|
||||
if (error) return next(new HttpError(500, error));
|
||||
if (error) return next(toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(202, {}));
|
||||
});
|
||||
|
||||
+30
-28
@@ -15,10 +15,28 @@ exports = module.exports = {
|
||||
|
||||
var assert = require('assert'),
|
||||
auditSource = require('../auditsource.js'),
|
||||
BoxError = require('../boxerror.js'),
|
||||
HttpError = require('connect-lastmile').HttpError,
|
||||
HttpSuccess = require('connect-lastmile').HttpSuccess,
|
||||
users = require('../users.js'),
|
||||
UsersError = users.UsersError;
|
||||
users = require('../users.js');
|
||||
|
||||
function toHttpError(error) {
|
||||
switch (error.reason) {
|
||||
case BoxError.NOT_FOUND:
|
||||
return new HttpError(404, error);
|
||||
case BoxError.ALREADY_EXISTS:
|
||||
return new HttpError(409, error);
|
||||
case BoxError.BAD_FIELD:
|
||||
return new HttpError(400, error);
|
||||
case BoxError.EXTERNAL_ERROR:
|
||||
return new HttpError(424, error);
|
||||
case BoxError.INVALID_CREDENTIALS:
|
||||
return new HttpError(412, error);
|
||||
case BoxError.INTERNAL_ERROR:
|
||||
default:
|
||||
return new HttpError(500, error);
|
||||
}
|
||||
}
|
||||
|
||||
function create(req, res, next) {
|
||||
assert.strictEqual(typeof req.body, 'object');
|
||||
@@ -35,9 +53,7 @@ function create(req, res, next) {
|
||||
var displayName = req.body.displayName || '';
|
||||
|
||||
users.create(username, password, email, displayName, { invitor: req.user, admin: req.body.admin }, auditSource.fromRequest(req), function (error, user) {
|
||||
if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
|
||||
if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
|
||||
if (error) return next(new HttpError(500, error));
|
||||
if (error) return next(toHttpError(error));
|
||||
|
||||
var userInfo = {
|
||||
id: user.id,
|
||||
@@ -72,10 +88,7 @@ function update(req, res, next) {
|
||||
if ('active' in req.body && typeof req.body.active !== 'boolean') return next(new HttpError(400, 'active must be a boolean'));
|
||||
|
||||
users.update(req.params.userId, req.body, auditSource.fromRequest(req), function (error) {
|
||||
if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
|
||||
if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
|
||||
if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
|
||||
if (error) return next(new HttpError(500, error));
|
||||
if (error) return next(toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(204));
|
||||
});
|
||||
@@ -91,7 +104,7 @@ function list(req, res, next) {
|
||||
if (req.query.search && typeof req.query.search !== 'string') return next(new HttpError(400, 'search must be a string'));
|
||||
|
||||
users.getAllPaged(req.query.search || null, page, perPage, function (error, results) {
|
||||
if (error) return next(new HttpError(500, error));
|
||||
if (error) return next(toHttpError(error));
|
||||
|
||||
results = results.map(users.removeRestrictedFields);
|
||||
|
||||
@@ -104,8 +117,7 @@ function get(req, res, next) {
|
||||
assert.strictEqual(typeof req.user, 'object');
|
||||
|
||||
users.get(req.params.userId, function (error, result) {
|
||||
if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'No such user'));
|
||||
if (error) return next(new HttpError(500, error));
|
||||
if (error) return next(toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(200, users.removePrivateFields(result)));
|
||||
});
|
||||
@@ -117,9 +129,7 @@ function remove(req, res, next) {
|
||||
if (req.user.id === req.params.userId) return next(new HttpError(409, 'Not allowed to remove yourself.'));
|
||||
|
||||
users.remove(req.params.userId, auditSource.fromRequest(req), function (error) {
|
||||
if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
|
||||
if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'No such user'));
|
||||
if (error) return next(new HttpError(500, error));
|
||||
if (error) return next(toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(204));
|
||||
});
|
||||
@@ -133,9 +143,7 @@ function verifyPassword(req, res, next) {
|
||||
if (typeof req.body.password !== 'string') return next(new HttpError(400, 'API call requires user password'));
|
||||
|
||||
users.verifyWithUsername(req.user.username, req.body.password, function (error) {
|
||||
if (error && error.reason === UsersError.WRONG_PASSWORD) return next(new HttpError(412, 'Password incorrect'));
|
||||
if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'No such user'));
|
||||
if (error) return next(new HttpError(500, error));
|
||||
if (error) return next(toHttpError(error));
|
||||
|
||||
req.body.password = '<redacted>'; // this will prevent logs from displaying plain text password
|
||||
|
||||
@@ -147,8 +155,7 @@ function createInvite(req, res, next) {
|
||||
assert.strictEqual(typeof req.params.userId, 'string');
|
||||
|
||||
users.createInvite(req.params.userId, function (error, resetToken) {
|
||||
if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
|
||||
if (error) return next(new HttpError(500, error));
|
||||
if (error) return next(toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(200, { resetToken: resetToken }));
|
||||
});
|
||||
@@ -158,9 +165,7 @@ function sendInvite(req, res, next) {
|
||||
assert.strictEqual(typeof req.params.userId, 'string');
|
||||
|
||||
users.sendInvite(req.params.userId, { invitor: req.user }, function (error) {
|
||||
if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
|
||||
if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(409, 'Call createInvite API first'));
|
||||
if (error) return next(new HttpError(500, error));
|
||||
if (error) return next(toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(200, { }));
|
||||
});
|
||||
@@ -173,8 +178,7 @@ function setGroups(req, res, next) {
|
||||
if (!Array.isArray(req.body.groupIds)) return next(new HttpError(400, 'API call requires a groups array.'));
|
||||
|
||||
users.setMembership(req.params.userId, req.body.groupIds, function (error) {
|
||||
if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'One or more groups not found'));
|
||||
if (error) return next(new HttpError(500, error));
|
||||
if (error) return next(toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(204));
|
||||
});
|
||||
@@ -187,9 +191,7 @@ function changePassword(req, res, next) {
|
||||
if (typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be a string'));
|
||||
|
||||
users.setPassword(req.params.userId, req.body.password, function (error) {
|
||||
if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
|
||||
if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
|
||||
if (error) return next(new HttpError(500, error));
|
||||
if (error) return next(toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(204));
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user