#12504

pending completion

Build # #12504

Build Type

push

circleci

Committed by

web-flow

Commit Message

Merge pull request #2861 from mozilla/MNTOR-1198

MNTOR-1198: error detection retry

Run Details

282 of 1383 branches covered (20.39%)

Branch coverage included in aggregate %.

12 of 12 new or added lines in 1 file covered. (100.0%)

959 of 3748 relevant lines covered (25.59%)

2.08 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/middleware/auth.js

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

import AppConstants from '../app-constants.js'
import { getSubscriberById, updateFxAProfileData } from '../db/tables/subscribers.js'
import * as FXA from '../utils/fxa.js'
import { UnauthorizedError } from '../utils/error.js'

async function getRequestSessionUser (req, res, next) {
  if (req.session && req.session.user) {
    // make sure the user object has all subscribers and email_addresses properties
    return getSubscriberById(req.session.user.id)
  }
  return null
}

async function requireSessionUser (req, res, next) {
  const user = await getRequestSessionUser(req)
  if (!user) {
    const queryParams = new URLSearchParams(req.query).toString()
    return res.redirect(`/oauth/init?${queryParams}`)
  }
  const fxaProfileData = await FXA.getProfileData(user.fxa_access_token)
  if (Object.prototype.hasOwnProperty.call(fxaProfileData, 'name') && fxaProfileData.name === 'HTTPError') {
    delete req.session.user
    return res.redirect('/')
  }
  await updateFxAProfileData(user, fxaProfileData)
  req.session.user = user
  req.user = user
  next()
}

async function requireAdminUser (req, res, next) {
  const user = await getRequestSessionUser(req)
  if (!user) {
    const queryParams = new URLSearchParams(req.query).toString()
    return res.redirect(`/oauth/init?${queryParams}`)
  }
  const fxaProfileData = await FXA.getProfileData(user.fxa_access_token)

  // log for better debugging
  console.info('requireAdminUser - fxaProfileData:' + JSON.stringify(fxaProfileData))

  // https://stackoverflow.com/questions/30469261/checking-for-typeof-error-in-js
  // duck typing and instanceof check to make sure it's an error type
  if (fxaProfileData instanceof Error || (fxaProfileData && fxaProfileData.stack && fxaProfileData.message)) {
    delete req.session.user
    return res.redirect('/')
  }

  try {
    const admins = AppConstants.ADMINS?.split(',') || []
    const isAdmin = admins.includes(JSON.parse(fxaProfileData).email)
    if (!isAdmin) {
      next(new UnauthorizedError('User is not an admin'))
    }

    await updateFxAProfileData(user, fxaProfileData)
    req.session.user = user
    req.user = user
    next()
  } catch (e) {
    next(e)
  }
}

export { requireSessionUser, requireAdminUser }

1	/* This Source Code Form is subject to the terms of the Mozilla Public
2	* License, v. 2.0. If a copy of the MPL was not distributed with this
3	* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5	import AppConstants from '../app-constants.js'
6	import { getSubscriberById, updateFxAProfileData } from '../db/tables/subscribers.js'
7	import * as FXA from '../utils/fxa.js'
8	import { UnauthorizedError } from '../utils/error.js'
9
10	async function getRequestSessionUser (req, res, next) {
11	if (req.session && req.session.user) {	×
12	// make sure the user object has all subscribers and email_addresses properties
13	return getSubscriberById(req.session.user.id)	×
14	}
15	return null	×
16	}
17
18	async function requireSessionUser (req, res, next) {
19	const user = await getRequestSessionUser(req)	×
20	if (!user) {	×
21	const queryParams = new URLSearchParams(req.query).toString()	×
22	return res.redirect(`/oauth/init?${queryParams}`)	×
23	}
24	const fxaProfileData = await FXA.getProfileData(user.fxa_access_token)	×
25	if (Object.prototype.hasOwnProperty.call(fxaProfileData, 'name') && fxaProfileData.name === 'HTTPError') {	×
26	delete req.session.user	×
27	return res.redirect('/')	×
28	}
29	await updateFxAProfileData(user, fxaProfileData)	×
30	req.session.user = user	×
31	req.user = user	×
32	next()	×
33	}
34
35	async function requireAdminUser (req, res, next) {
36	const user = await getRequestSessionUser(req)	×
37	if (!user) {	×
38	const queryParams = new URLSearchParams(req.query).toString()	×
39	return res.redirect(`/oauth/init?${queryParams}`)	×
40	}
41	const fxaProfileData = await FXA.getProfileData(user.fxa_access_token)	×
42
43	// log for better debugging
44	console.info('requireAdminUser - fxaProfileData:' + JSON.stringify(fxaProfileData))	×
45
46	// https://stackoverflow.com/questions/30469261/checking-for-typeof-error-in-js
47	// duck typing and instanceof check to make sure it's an error type
48	if (fxaProfileData instanceof Error \|\| (fxaProfileData && fxaProfileData.stack && fxaProfileData.message)) {	×
49	delete req.session.user	×
50	return res.redirect('/')	×
51	}
52
53	try {	×
54	const admins = AppConstants.ADMINS?.split(',') \|\| []	×
55	const isAdmin = admins.includes(JSON.parse(fxaProfileData).email)	×
56	if (!isAdmin) {	×
57	next(new UnauthorizedError('User is not an admin'))	×
58	}
59
60	await updateFxAProfileData(user, fxaProfileData)	×
61	req.session.user = user	×
62	req.user = user	×
63	next()	×
64	} catch (e) {
65	next(e)	×
66	}
67	}
68
69	export { requireSessionUser, requireAdminUser }

mozilla / blurts-server / #12504

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous