
mozilla / blurts-server / #12504

pending completion
#12504

push

circleci

web-flow
Merge pull request #2861 from mozilla/MNTOR-1198

MNTOR-1198: error detection retry

282 of 1383 branches covered (20.39%)

Branch coverage included in aggregate %.

12 of 12 new or added lines in 1 file covered. (100.0%)

959 of 3748 relevant lines covered (25.59%)

2.08 hits per line

Source File

0.0
/src/middleware/auth.js
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

import AppConstants from '../app-constants.js'
import { getSubscriberById, updateFxAProfileData } from '../db/tables/subscribers.js'
import * as FXA from '../utils/fxa.js'
import { UnauthorizedError } from '../utils/error.js'

/**
 * Look up the subscriber record for the user stored on the session.
 *
 * Only `req` is read; `res` and `next` are accepted but unused.
 *
 * @param {object} req - Express request; `req.session.user.id` is read when present
 * @param {object} [res] - unused
 * @param {Function} [next] - unused
 * @returns {Promise<object|null>} whatever `getSubscriberById` resolves to,
 *   or `null` when the request carries no session user
 */
async function getRequestSessionUser (req, res, next) {
  const sessionUser = req.session?.user
  if (!sessionUser) {
    return null
  }
  // Reload by id so the returned user object has all subscribers and
  // email_addresses properties, not just what was cached on the session.
  return getSubscriberById(sessionUser.id)
}

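/**
 * Express middleware: require a signed-in subscriber.
 *
 * Without a session user the request is redirected to `/oauth/init`, carrying
 * the original query string. Otherwise the FxA profile is fetched with the
 * subscriber's stored access token. If that lookup yields an error value (or
 * nothing at all) the session user is dropped and the request is redirected
 * to `/`. On success the profile is persisted, `req.session.user` and
 * `req.user` are set, and control passes to `next()`.
 *
 * @param {object} req - Express request (reads `session` and `query`)
 * @param {object} res - Express response (used for redirects)
 * @param {Function} next - Express continuation; receives any thrown error
 * @returns {Promise<void>}
 */
async function requireSessionUser (req, res, next) {
  try {
    const user = await getRequestSessionUser(req)
    if (!user) {
      const queryParams = new URLSearchParams(req.query).toString()
      return res.redirect(`/oauth/init?${queryParams}`)
    }

    const fxaProfileData = await FXA.getProfileData(user.fxa_access_token)

    // Fail closed. Checking only for an own `name` of 'HTTPError' let every
    // other error value fall through and re-establish the session, so apply
    // the same instanceof / duck-typing test that requireAdminUser uses and
    // keep the HTTPError name check on top of it. An empty result is treated
    // as a failed lookup as well.
    const profileLookupFailed =
      !fxaProfileData ||
      fxaProfileData instanceof Error ||
      fxaProfileData.name === 'HTTPError' ||
      Boolean(fxaProfileData.stack && fxaProfileData.message)
    if (profileLookupFailed) {
      delete req.session.user
      return res.redirect('/')
    }

    await updateFxAProfileData(user, fxaProfileData)
    req.session.user = user
    req.user = user
    next()
  } catch (e) {
    // Hand database / network failures to the error handler instead of
    // letting the async middleware reject with nobody listening.
    next(e)
  }
}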

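/**
 * Express middleware: require a signed-in subscriber whose FxA email is listed
 * in the comma-separated `AppConstants.ADMINS` setting.
 *
 * Without a session user the request is redirected to `/oauth/init`, carrying
 * the original query string. If the FxA profile lookup yields an error value
 * the session user is dropped and the request is redirected to `/`. A
 * signed-in non-admin is rejected with `UnauthorizedError` and nothing else
 * happens. For an admin the profile is persisted, `req.session.user` and
 * `req.user` are set, and control passes to `next()`.
 *
 * @param {object} req - Express request (reads `session` and `query`)
 * @param {object} res - Express response (used for redirects)
 * @param {Function} next - Express continuation; receives `UnauthorizedError`
 *   for non-admins and any error thrown along the way
 * @returns {Promise<void>}
 */
async function requireAdminUser (req, res, next) {
  try {
    const user = await getRequestSessionUser(req)
    if (!user) {
      const queryParams = new URLSearchParams(req.query).toString()
      return res.redirect(`/oauth/init?${queryParams}`)
    }
    const fxaProfileData = await FXA.getProfileData(user.fxa_access_token)

    // log for better debugging
    // NOTE(review): this writes the complete getProfileData result to the
    // application log. The email parsed from it below, and any other profile
    // fields it carries, end up there too; consider logging only whether the
    // lookup succeeded.
    console.info('requireAdminUser - fxaProfileData:' + JSON.stringify(fxaProfileData))

    // https://stackoverflow.com/questions/30469261/checking-for-typeof-error-in-js
    // duck typing and instanceof check to make sure it's an error type
    if (fxaProfileData instanceof Error || (fxaProfileData && fxaProfileData.stack && fxaProfileData.message)) {
      delete req.session.user
      return res.redirect('/')
    }

    const admins = AppConstants.ADMINS?.split(',') || []
    const { email } = JSON.parse(fxaProfileData)
    // A missing or empty email must never match: ''.split(',') yields [''],
    // which would otherwise make an empty email an admin when ADMINS is blank.
    const isAdmin = typeof email === 'string' && email !== '' && admins.includes(email)
    if (!isAdmin) {
      // Stop here. Without the return, execution carried on to refresh the
      // session and call next() a second time after the authorization error.
      return next(new UnauthorizedError('User is not an admin'))
    }

    await updateFxAProfileData(user, fxaProfileData)
    req.session.user = user
    req.user = user
    next()
  } catch (e) {
    // Covers the session and profile lookups as well, so a rejected promise
    // reaches the error handler instead of going unhandled.
    next(e)
  }
}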

// Only the two middleware functions are exported; getRequestSessionUser stays
// private to this module.
export { requireSessionUser, requireAdminUser }