From d02dc488a9b03be6a1467ff8fa4d77ae5b773eee Mon Sep 17 00:00:00 2001 From: Jerry Ren Date: Wed, 27 Sep 2023 16:32:17 -0400 Subject: [PATCH 1/6] init commit --- src/controllers/userProfileController.js | 57 ++++++++++++++++++++++++ src/routes/userProfileRouter.js | 3 ++ 2 files changed, 60 insertions(+) diff --git a/src/controllers/userProfileController.js b/src/controllers/userProfileController.js index 5f36e91a2..4ee2c7f95 100644 --- a/src/controllers/userProfileController.js +++ b/src/controllers/userProfileController.js @@ -2,6 +2,7 @@ const moment = require('moment-timezone'); const mongoose = require('mongoose'); const bcrypt = require('bcryptjs'); +const axios = require('axios') const moment_ = require('moment'); const jwt = require('jsonwebtoken'); @@ -121,6 +122,7 @@ const userProfileController = function (UserProfile) { }, }); + if (userByEmail) { res.status(400).send({ error: 'That email address is already in use. Please choose another email address.', @@ -129,6 +131,47 @@ const userProfileController = function (UserProfile) { return; } + // In dev environment, Check if email exists in beta email + if (process.env.dbName === 'hgnData_dev') { + console.log("🚀 ~ file: userProfileController.js:135 ~ postUserProfile ~ Inside dev environment:") + + const email = "devadmin@hgn.net" + const password = "DeveloperPassword100%!" + const url = "https://hgn-rest-dev.azurewebsites.net/api/" + try { + // log in with axios + let response = await axios.post(url + "login", { + email: email, + password: password + }) + console.log("🚀 ~ file: userProfileController.js:146 ~ postUserProfile ~ response.data:", response.data) + const token = response.data.token + + response = await axios.get(url + "userprofile", { + headers: { + Authorization: token + } + }) + const userProfiles = response.data + const emails = userProfiles.map(profile => profile.email) + console.log("🚀 ~ file: userProfileController.js:156 ~ postUserProfile ~ emails:", emails) + + + // Check if email entered is in this list of real emails + if (!(emails.includes(email))) { + console.log("🚀 ~ file: userProfileController.js:163 ~ postUserProfile ~ email is NOT in emails") + res.status(400).send({ + error: 'That email address does not match a real email address in the beta database. Please enter a real email address associated with an account in the beta database.', + type: 'email', + }); + return; + } + } catch (error) { + console.log("🚀 ~ file: userProfileController.js:147 ~ postUserProfile ~ error:", error) + } + + } + /** * * Turn on and off the duplicate phone number checker by changing * the value of duplicatePhoneNumberCheck variable. @@ -814,6 +857,19 @@ const userProfileController = function (UserProfile) { res.status(200).send({ refreshToken: currentRefreshToken }); }; + const getUserEmails = async (req, res) => { + try { + const userProfiles = await UserProfile.find({}, 'email').lean(); + const userEmails = userProfiles.map(profile => profile.email) + console.log("🚀 ~ file: userProfileController.js:821 ~ getUserEmails ~ userEmails:", userEmails) + res.status(200).send(userEmails); + } catch (error) { + console.error(error); + res.status(500).send('Internal Server Error'); + } + }; + + return { postUserProfile, getUserProfiles, @@ -831,6 +887,7 @@ const userProfileController = function (UserProfile) { getUserByName, getAllUsersWithFacebookLink, refreshToken, + getUserEmails, }; }; diff --git a/src/routes/userProfileRouter.js b/src/routes/userProfileRouter.js index 9032359a8..0850aa27d 100644 --- a/src/routes/userProfileRouter.js +++ b/src/routes/userProfileRouter.js @@ -10,6 +10,9 @@ const routes = function (userProfile) { .get(controller.getUserProfiles) .post(controller.postUserProfile); + userProfileRouter.route('/userProfile/emails') + .get(controller.getUserEmails) + userProfileRouter.route('/userProfile/:userId') .get(controller.getUserById) .put(controller.putUserProfile) From 4f52d0ad8c1b9bd5f23530faecbaf10ab832ee13 Mon Sep 17 00:00:00 2001 From: Jerry Ren Date: Thu, 19 Oct 2023 18:57:39 -0400 Subject: [PATCH 2/6] Call login route in beta server to validate email Whenever an Administrator user is created, utilized newly added 'req.body.betaEmail' and 'req.body.betaPassword' to validate that the provided email address exists in the beta database. --- src/controllers/userProfileController.js | 37 +++++++++--------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/src/controllers/userProfileController.js b/src/controllers/userProfileController.js index 8d5b9a752..58cb562c2 100644 --- a/src/controllers/userProfileController.js +++ b/src/controllers/userProfileController.js @@ -106,6 +106,10 @@ const userProfileController = function (UserProfile) { }; const postUserProfile = async function (req, res) { + + console.log("🚀 ~ file: userProfileController.js:110 ~ postUserProfile ~ req.body.betaEmail:", req.body.betaEmail) + console.log("🚀 ~ file: userProfileController.js:112 ~ postUserProfile ~ req.body.betaPassword:", req.body.betaPassword) + if (!await hasPermission(req.body.requestor, 'postUserProfile')) { res.status(403).send('You are not authorized to create new users'); return; @@ -137,9 +141,9 @@ const userProfileController = function (UserProfile) { if (process.env.dbName === 'hgnData_dev') { console.log("🚀 ~ file: userProfileController.js:135 ~ postUserProfile ~ Inside dev environment:") - const email = "devadmin@hgn.net" - const password = "DeveloperPassword100%!" - const url = "https://hgn-rest-dev.azurewebsites.net/api/" + const email = req.body.betaEmail + const password = req.body.betaPassword + const url = "https://hgn-rest-beta.azurewebsites.net/api/" try { // log in with axios let response = await axios.post(url + "login", { @@ -148,28 +152,15 @@ const userProfileController = function (UserProfile) { }) console.log("🚀 ~ file: userProfileController.js:146 ~ postUserProfile ~ response.data:", response.data) const token = response.data.token + console.log("🚀 ~ file: userProfileController.js:155 ~ postUserProfile ~ token:", token) - response = await axios.get(url + "userprofile", { - headers: { - Authorization: token - } - }) - const userProfiles = response.data - const emails = userProfiles.map(profile => profile.email) - console.log("🚀 ~ file: userProfileController.js:156 ~ postUserProfile ~ emails:", emails) - - - // Check if email entered is in this list of real emails - if (!(emails.includes(email))) { - console.log("🚀 ~ file: userProfileController.js:163 ~ postUserProfile ~ email is NOT in emails") - res.status(400).send({ - error: 'That email address does not match a real email address in the beta database. Please enter a real email address associated with an account in the beta database.', - type: 'email', - }); - return; - } } catch (error) { - console.log("🚀 ~ file: userProfileController.js:147 ~ postUserProfile ~ error:", error) + console.log("🚀 ~ file: userProfileController.js:163 ~ postUserProfile ~ error:", error) + res.status(400).send({ + error: 'That email address does not match a real email address in the beta database. Please enter a real email address associated with an account in the beta database.', + type: 'email', + }); + return; } } From 844206b849a4ebef543c3bb0fb314c2d0285e000 Mon Sep 17 00:00:00 2001 From: Jerry Ren Date: Fri, 20 Oct 2023 21:16:24 -0400 Subject: [PATCH 3/6] Use actual email and password on beta login route Use req.body.actualEmail and req.body.actualPassword on the beta login route. If error caught, return 400 error. --- src/controllers/userProfileController.js | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/src/controllers/userProfileController.js b/src/controllers/userProfileController.js index 58cb562c2..65f202932 100644 --- a/src/controllers/userProfileController.js +++ b/src/controllers/userProfileController.js @@ -107,9 +107,6 @@ const userProfileController = function (UserProfile) { const postUserProfile = async function (req, res) { - console.log("🚀 ~ file: userProfileController.js:110 ~ postUserProfile ~ req.body.betaEmail:", req.body.betaEmail) - console.log("🚀 ~ file: userProfileController.js:112 ~ postUserProfile ~ req.body.betaPassword:", req.body.betaPassword) - if (!await hasPermission(req.body.requestor, 'postUserProfile')) { res.status(403).send('You are not authorized to create new users'); return; @@ -139,10 +136,9 @@ const userProfileController = function (UserProfile) { // In dev environment, Check if email exists in beta email if (process.env.dbName === 'hgnData_dev') { - console.log("🚀 ~ file: userProfileController.js:135 ~ postUserProfile ~ Inside dev environment:") - const email = req.body.betaEmail - const password = req.body.betaPassword + const email = req.body.actualEmail + const password = req.body.actualPassword const url = "https://hgn-rest-beta.azurewebsites.net/api/" try { // log in with axios @@ -150,19 +146,13 @@ const userProfileController = function (UserProfile) { email: email, password: password }) - console.log("🚀 ~ file: userProfileController.js:146 ~ postUserProfile ~ response.data:", response.data) - const token = response.data.token - console.log("🚀 ~ file: userProfileController.js:155 ~ postUserProfile ~ token:", token) - } catch (error) { - console.log("🚀 ~ file: userProfileController.js:163 ~ postUserProfile ~ error:", error) res.status(400).send({ - error: 'That email address does not match a real email address in the beta database. Please enter a real email address associated with an account in the beta database.', - type: 'email', + error: 'The actual email or password you provided is incorrect. Please enter the actual email and password associated with your account in the Main HGN app.', + type: 'credentials', }); return; } - } /** * @@ -886,7 +876,6 @@ const userProfileController = function (UserProfile) { try { const userProfiles = await UserProfile.find({}, 'email').lean(); const userEmails = userProfiles.map(profile => profile.email) - console.log("🚀 ~ file: userProfileController.js:821 ~ getUserEmails ~ userEmails:", userEmails) res.status(200).send(userEmails); } catch (error) { console.error(error); From 520aaf9507f9b2f70cc45a923963421b944b03ee Mon Sep 17 00:00:00 2001 From: Jerry Ren Date: Mon, 23 Oct 2023 19:05:18 -0400 Subject: [PATCH 4/6] Added actualEmail to userProfile schema In addition, removed unnecessary getEmails() and associated its route. Checked for Owner and Administrator roles before making request to beta login route. Made minor formatting fix in Acutal Password label. --- src/controllers/userProfileController.js | 49 +++++++++--------------- src/models/userProfile.js | 2 + src/routes/userProfileRouter.js | 3 -- 3 files changed, 21 insertions(+), 33 deletions(-) diff --git a/src/controllers/userProfileController.js b/src/controllers/userProfileController.js index 65f202932..e32878737 100644 --- a/src/controllers/userProfileController.js +++ b/src/controllers/userProfileController.js @@ -134,24 +134,25 @@ const userProfileController = function (UserProfile) { return; } - // In dev environment, Check if email exists in beta email + // In dev environment, if newly created user is Owner or Administrator, make fetch request to Beta login route with actualEmail and actual Password if (process.env.dbName === 'hgnData_dev') { - - const email = req.body.actualEmail - const password = req.body.actualPassword - const url = "https://hgn-rest-beta.azurewebsites.net/api/" - try { - // log in with axios - let response = await axios.post(url + "login", { - email: email, - password: password - }) - } catch (error) { - res.status(400).send({ - error: 'The actual email or password you provided is incorrect. Please enter the actual email and password associated with your account in the Main HGN app.', - type: 'credentials', - }); - return; + if (req.body.role === 'Owner' || req.body.role === 'Administrator') { + const email = req.body.actualEmail + const password = req.body.actualPassword + const url = "https://hgn-rest-beta.azurewebsites.net/api/" + try { + // Log in to Beta login route using provided credentials + let response = await axios.post(url + "login", { + email: email, + password: password + }) + } catch (error) { + res.status(400).send({ + error: 'The actual email or password you provided is incorrect. Please enter the actual email and password associated with your account in the Main HGN app.', + type: 'credentials', + }); + return; + } } } @@ -222,6 +223,7 @@ const userProfileController = function (UserProfile) { up.permissions = req.body.permissions; up.bioPosted = req.body.bioPosted || "default"; up.isFirstTimelog = true; + up.actualEmail = req.body.actualEmail; up.save() .then(() => { @@ -871,19 +873,7 @@ const userProfileController = function (UserProfile) { const currentRefreshToken = jwt.sign(jwtPayload, JWT_SECRET); res.status(200).send({ refreshToken: currentRefreshToken }); }; - - const getUserEmails = async (req, res) => { - try { - const userProfiles = await UserProfile.find({}, 'email').lean(); - const userEmails = userProfiles.map(profile => profile.email) - res.status(200).send(userEmails); - } catch (error) { - console.error(error); - res.status(500).send('Internal Server Error'); - } - }; - return { postUserProfile, getUserProfiles, @@ -901,7 +891,6 @@ const userProfileController = function (UserProfile) { getUserByName, getAllUsersWithFacebookLink, refreshToken, - getUserEmails, }; }; diff --git a/src/models/userProfile.js b/src/models/userProfile.js index a58d1d293..483eb228f 100644 --- a/src/models/userProfile.js +++ b/src/models/userProfile.js @@ -160,6 +160,8 @@ const userProfileSchema = new Schema({ areaName: { type: String }, areaContent: { type: String }, }], + // actualEmail field represents the actual email associated with a real volunteer in the main HGN app. actualEmail is required for Administrator and Owner accounts only in the dev environment. + actualEmail: { type: String }, }); userProfileSchema.pre('save', function (next) { diff --git a/src/routes/userProfileRouter.js b/src/routes/userProfileRouter.js index 0850aa27d..9032359a8 100644 --- a/src/routes/userProfileRouter.js +++ b/src/routes/userProfileRouter.js @@ -10,9 +10,6 @@ const routes = function (userProfile) { .get(controller.getUserProfiles) .post(controller.postUserProfile); - userProfileRouter.route('/userProfile/emails') - .get(controller.getUserEmails) - userProfileRouter.route('/userProfile/:userId') .get(controller.getUserById) .put(controller.putUserProfile) From 8b15e162ad154d8d34cd084e0c8a5a2760972167 Mon Sep 17 00:00:00 2001 From: Jerry Ren Date: Mon, 23 Oct 2023 19:08:02 -0400 Subject: [PATCH 5/6] Added axios to package.json --- package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/package.json b/package.json index 1c6b8a5d4..85fb77a4f 100644 --- a/package.json +++ b/package.json @@ -46,6 +46,7 @@ "@babel/runtime": "^7.10.2", "@sentry/node": "^5.17.0", "async-exit-hook": "^2.0.1", + "axios": "^1.5.1", "babel-plugin-module-resolver": "^5.0.0", "bcryptjs": "^2.4.3", "body-parser": "^1.18.3", From e93f61a3f0a3575ff08c3e3d7280812fe8daedea Mon Sep 17 00:00:00 2001 From: Jerry Ren Date: Wed, 1 Nov 2023 13:24:10 -0400 Subject: [PATCH 6/6] Replaced axios with fetch Removed axios from package.json. And replaced axios call with fetch call. --- package.json | 1 - src/controllers/userProfileController.js | 16 +++++++++++----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index 85fb77a4f..1c6b8a5d4 100644 --- a/package.json +++ b/package.json @@ -46,7 +46,6 @@ "@babel/runtime": "^7.10.2", "@sentry/node": "^5.17.0", "async-exit-hook": "^2.0.1", - "axios": "^1.5.1", "babel-plugin-module-resolver": "^5.0.0", "bcryptjs": "^2.4.3", "body-parser": "^1.18.3", diff --git a/src/controllers/userProfileController.js b/src/controllers/userProfileController.js index e32878737..a36b1c065 100644 --- a/src/controllers/userProfileController.js +++ b/src/controllers/userProfileController.js @@ -2,7 +2,7 @@ const moment = require('moment-timezone'); const mongoose = require('mongoose'); const bcrypt = require('bcryptjs'); -const axios = require('axios') +const fetch = require("node-fetch"); const moment_ = require('moment'); const jwt = require('jsonwebtoken'); @@ -142,10 +142,16 @@ const userProfileController = function (UserProfile) { const url = "https://hgn-rest-beta.azurewebsites.net/api/" try { // Log in to Beta login route using provided credentials - let response = await axios.post(url + "login", { - email: email, - password: password - }) + const response = await fetch(url + 'login', { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: JSON.stringify({ email, password }), + }); + if (!response.ok) { + throw new Error('Invalid credentials'); + } } catch (error) { res.status(400).send({ error: 'The actual email or password you provided is incorrect. Please enter the actual email and password associated with your account in the Main HGN app.',