
mozilla / blurts-server / #11898

pending completion
#11898

push

circleci

web-flow
Merge pull request #2770 from mozilla/license

Add license headers in source files

282 of 1138 branches covered (24.78%)

Branch coverage included in aggregate %.

959 of 3049 relevant lines covered (31.45%)

2.55 hits per line


0.0
/src/middleware/auth.js
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

import AppConstants from '../app-constants.js'
import { getSubscriberById, updateFxAProfileData } from '../db/tables/subscribers.js'
import * as FXA from '../utils/fxa.js'

/**
 * Resolve the subscriber record for the session attached to a request.
 *
 * Only the id stored in `req.session.user` is taken from the session; the
 * record itself is fetched again through `getSubscriberById`, so the returned
 * user object has all of its subscribers and email_addresses properties.
 *
 * @param {object} req - request; `req.session.user.id` is read when present
 * @param {object} [res] - unused
 * @param {Function} [next] - unused
 * @returns {Promise<object|null>} whatever `getSubscriberById` resolves to, or
 *   null when the request carries no session user
 */
async function getRequestSessionUser (req, res, next) {
  const sessionUser = req.session?.user
  if (!sessionUser) {
    // No session, or a session without a signed-in user.
    return null
  }
  return getSubscriberById(sessionUser.id)
}

/**
 * Middleware that lets a request through only when it has a session user.
 *
 * Without a session user the request is redirected to `/oauth/init`, carrying
 * the original query string. With one, the FxA profile is looked up using the
 * user's stored access token; an `HTTPError` result drops the user from the
 * session and redirects to `/`. Otherwise the profile is persisted through
 * `updateFxAProfileData` and the user is attached to both `req.session.user`
 * and `req.user` before `next()` is called.
 *
 * @param {object} req - request; reads `req.query` and `req.session`
 * @param {object} res - response; `res.redirect` is used on the failure paths
 * @param {Function} next - invoked with no arguments on success
 * @returns {Promise<*>} the `res.redirect(...)` result on a failure path,
 *   otherwise undefined
 */
async function requireSessionUser (req, res, next) {
  const sessionUser = await getRequestSessionUser(req)
  if (!sessionUser) {
    // Forward the incoming query parameters to the sign-in entry point.
    const forwardedQuery = new URLSearchParams(req.query).toString()
    return res.redirect(`/oauth/init?${forwardedQuery}`)
  }

  const profile = await FXA.getProfileData(sessionUser.fxa_access_token)

  // NOTE(review): only a result whose own `name` is exactly 'HTTPError' is
  // treated as a failed lookup here; any other error-shaped value would reach
  // updateFxAProfileData below. Confirm against FXA.getProfileData.
  const ownsName = Object.prototype.hasOwnProperty.call(profile, 'name')
  const lookupFailed = ownsName && profile.name === 'HTTPError'
  if (lookupFailed) {
    // The stored token no longer yields a profile: sign the user out.
    delete req.session.user
    return res.redirect('/')
  }

  await updateFxAProfileData(sessionUser, profile)
  req.session.user = sessionUser
  req.user = sessionUser
  next()
}

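/**
 * Middleware that lets a request through only for a signed-in admin.
 *
 * A request without a session user is redirected to `/oauth/init` with its
 * query string forwarded. Otherwise the FxA profile is looked up with the
 * user's stored access token and its `email` is compared, by exact string
 * match, against the comma-separated `AppConstants.ADMINS` list.
 *
 * Every failure after sign-in answers 401 and never calls `next()`:
 *  - the profile lookup returned an error-shaped value (own truthy `name`) or
 *    nothing at all; the session user is dropped as well;
 *  - the profile body is not valid JSON;
 *  - the profile has no non-empty string `email`, or it is not in the list.
 *
 * @param {object} req - request; reads `req.query` and `req.session`
 * @param {object} res - response; `res.redirect` / `res.sendStatus` are used
 * @param {Function} next - invoked with no arguments once the admin check passes
 * @returns {Promise<*>} the `res.redirect(...)` / `res.sendStatus(...)` result
 *   on a failure path, otherwise undefined
 */
async function requireAdminUser (req, res, next) {
  const user = await getRequestSessionUser(req)
  if (!user) {
    const queryParams = new URLSearchParams(req.query).toString()
    return res.redirect(`/oauth/init?${queryParams}`)
  }
  const fxaProfileData = await FXA.getProfileData(user.fxa_access_token)

  // Decide whether the lookup failed BEFORE touching the payload. Parsing
  // first would throw on an error-shaped value, and the rejection would leave
  // this async middleware without any response having been sent.
  const hasFxaError = fxaProfileData == null ||
    (Object.prototype.hasOwnProperty.call(fxaProfileData, 'name') && fxaProfileData.name)
  if (hasFxaError) {
    delete req.session.user
    return res.sendStatus(401)
  }

  // A body that is not valid JSON cannot prove admin identity: fail closed.
  let email
  try {
    email = JSON.parse(fxaProfileData)?.email
  } catch {
    return res.sendStatus(401)
  }

  // An unset or empty ADMINS setting splits to [''], so a missing or empty
  // email must never be accepted as a match.
  const admins = AppConstants.ADMINS?.split(',') || []
  const isAdmin = typeof email === 'string' && email !== '' && admins.includes(email)
  if (!isAdmin) {
    return res.sendStatus(401)
  }

  await updateFxAProfileData(user, fxaProfileData)
  req.session.user = user
  req.user = user
  next()
}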

export { requireSessionUser, requireAdminUser }