#12332

pending completion

Build # #12332

Build Type

push

circleci

Committed by

web-flow

Commit Message

Merge pull request #2839 from mozilla/fix-require-admin-json-parse

MNTOR-1198: admin middleware json parse fix

Run Details

282 of 1371 branches covered (20.57%)

Branch coverage included in aggregate %.

6 of 6 new or added lines in 1 file covered. (100.0%)

959 of 3720 relevant lines covered (25.78%)

2.09 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/middleware/auth.js

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

import AppConstants from '../app-constants.js'
import { getSubscriberById, updateFxAProfileData } from '../db/tables/subscribers.js'
import * as FXA from '../utils/fxa.js'
import { UnauthorizedError } from '../utils/error.js'

async function getRequestSessionUser (req, res, next) {
  if (req.session && req.session.user) {
    // make sure the user object has all subscribers and email_addresses properties
    return getSubscriberById(req.session.user.id)
  }
  return null
}

async function requireSessionUser (req, res, next) {
  const user = await getRequestSessionUser(req)
  if (!user) {
    const queryParams = new URLSearchParams(req.query).toString()
    return res.redirect(`/oauth/init?${queryParams}`)
  }
  const fxaProfileData = await FXA.getProfileData(user.fxa_access_token)
  if (Object.prototype.hasOwnProperty.call(fxaProfileData, 'name') && fxaProfileData.name === 'HTTPError') {
    delete req.session.user
    return res.redirect('/')
  }
  await updateFxAProfileData(user, fxaProfileData)
  req.session.user = user
  req.user = user
  next()
}

async function requireAdminUser (req, res, next) {
  const user = await getRequestSessionUser(req)
  if (!user) {
    const queryParams = new URLSearchParams(req.query).toString()
    return res.redirect(`/oauth/init?${queryParams}`)
  }
  const fxaProfileData = await FXA.getProfileData(user.fxa_access_token)
  if (Object.prototype.hasOwnProperty.call(fxaProfileData, 'name') && fxaProfileData.name === 'HTTPError') {
    delete req.session.user
    return res.redirect('/')
  }
  const admins = AppConstants.ADMINS?.split(',') || []
  const isAdmin = admins.includes(JSON.parse(fxaProfileData).email)
  if (!isAdmin) {
    next(new UnauthorizedError('User is not an admin'))
  }

  await updateFxAProfileData(user, fxaProfileData)
  req.session.user = user
  req.user = user
  next()
}

export { requireSessionUser, requireAdminUser }

1	/* This Source Code Form is subject to the terms of the Mozilla Public
2	* License, v. 2.0. If a copy of the MPL was not distributed with this
3	* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5	import AppConstants from '../app-constants.js'
6	import { getSubscriberById, updateFxAProfileData } from '../db/tables/subscribers.js'
7	import * as FXA from '../utils/fxa.js'
8	import { UnauthorizedError } from '../utils/error.js'
9
10	async function getRequestSessionUser (req, res, next) {
11	if (req.session && req.session.user) {	×
12	// make sure the user object has all subscribers and email_addresses properties
13	return getSubscriberById(req.session.user.id)	×
14	}
15	return null	×
16	}
17
18	async function requireSessionUser (req, res, next) {
19	const user = await getRequestSessionUser(req)	×
20	if (!user) {	×
21	const queryParams = new URLSearchParams(req.query).toString()	×
22	return res.redirect(`/oauth/init?${queryParams}`)	×
23	}
24	const fxaProfileData = await FXA.getProfileData(user.fxa_access_token)	×
25	if (Object.prototype.hasOwnProperty.call(fxaProfileData, 'name') && fxaProfileData.name === 'HTTPError') {	×
26	delete req.session.user	×
27	return res.redirect('/')	×
28	}
29	await updateFxAProfileData(user, fxaProfileData)	×
30	req.session.user = user	×
31	req.user = user	×
32	next()	×
33	}
34
35	async function requireAdminUser (req, res, next) {
36	const user = await getRequestSessionUser(req)	×
37	if (!user) {	×
38	const queryParams = new URLSearchParams(req.query).toString()	×
39	return res.redirect(`/oauth/init?${queryParams}`)	×
40	}
41	const fxaProfileData = await FXA.getProfileData(user.fxa_access_token)	×
42	if (Object.prototype.hasOwnProperty.call(fxaProfileData, 'name') && fxaProfileData.name === 'HTTPError') {	×
43	delete req.session.user	×
44	return res.redirect('/')	×
45	}
46	const admins = AppConstants.ADMINS?.split(',') \|\| []	×
47	const isAdmin = admins.includes(JSON.parse(fxaProfileData).email)	×
48	if (!isAdmin) {	×
49	next(new UnauthorizedError('User is not an admin'))	×
50	}
51
52	await updateFxAProfileData(user, fxaProfileData)	×
53	req.session.user = user	×
54	req.user = user	×
55	next()	×
56	}
57
58	export { requireSessionUser, requireAdminUser }

mozilla / blurts-server / #12332

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous