coop-cloud-chaos-patchs/outline
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Backend support

Browse Source
This commit is contained in:
Jori Lallo
2018-03-04 15:38:51 -08:00
parent 7272b24eaf
commit 3d6b9466fb
11 changed files with 414 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

118
server/api/__snapshots__/user.test.js.snap
View File

@ -1,5 +1,64 @@
// Jest Snapshot v1, https://goo.gl/fbAQLP
exports[`#user.activate should activate a suspended user 1`] = `
Object {
"data": Object {
"avatarUrl": "http://example.com/avatar.png",
"email": "user1@example.com",
"id": "46fde1d4-0050-428f-9f0b-0bf77f4bdf61",
"isAdmin": false,
"isSuspended": false,
"name": "User 1",
"username": "user1",
},
"ok": true,
"status": 200,
}
`;
exports[`#user.activate should require admin 1`] = `
Object {
"error": "admin_required",
"message": "An admin role is required to access this resource",
"ok": false,
"status": 403,
}
`;
exports[`#user.demote should demote an admin 1`] = `
Object {
"data": Object {
"avatarUrl": "http://example.com/avatar.png",
"email": "user1@example.com",
"id": "46fde1d4-0050-428f-9f0b-0bf77f4bdf61",
"isAdmin": false,
"isSuspended": false,
"name": "User 1",
"username": "user1",
},
"ok": true,
"status": 200,
}
`;
exports[`#user.demote should require admin 1`] = `
Object {
"error": "admin_required",
"message": "An admin role is required to access this resource",
"ok": false,
"status": 403,
}
`;
exports[`#user.demote shouldn't demote admins if only one available 1`] = `
Object {
"error": "validation_error",
"message": "At least one admin is required",
"ok": false,
"status": 400,
}
`;
exports[`#user.info should require authentication 1`] = `
Object {
"error": "authentication_required",
@ -22,6 +81,65 @@ Object {
}
`;
exports[`#user.promote should promote a new admin 1`] = `
Object {
"data": Object {
"avatarUrl": "http://example.com/avatar.png",
"email": "user1@example.com",
"id": "46fde1d4-0050-428f-9f0b-0bf77f4bdf61",
"isAdmin": true,
"isSuspended": false,
"name": "User 1",
"username": "user1",
},
"ok": true,
"status": 200,
}
`;
exports[`#user.promote should require admin 1`] = `
Object {
"error": "admin_required",
"message": "An admin role is required to access this resource",
"ok": false,
"status": 403,
}
`;
exports[`#user.suspend should require admin 1`] = `
Object {
"error": "admin_required",
"message": "An admin role is required to access this resource",
"ok": false,
"status": 403,
}
`;
exports[`#user.suspend should suspend an user 1`] = `
Object {
"data": Object {
"avatarUrl": "http://example.com/avatar.png",
"email": "user1@example.com",
"id": "46fde1d4-0050-428f-9f0b-0bf77f4bdf61",
"isAdmin": false,
"isSuspended": true,
"name": "User 1",
"username": "user1",
},
"ok": true,
"status": 200,
}
`;
exports[`#user.suspend shouldn't allow suspending the user themselves 1`] = `
Object {
"error": "validation_error",
"message": "Unable to suspend the current user",
"ok": false,
"status": 400,
}
`;
exports[`#user.update should require authentication 1`] = `
Object {
"error": "authentication_required",

42
server/api/team.js
View File

@ -1,14 +1,11 @@
// @flow
import Router from 'koa-router';
import { ValidationError } from '../errors';
import { Team, User } from '../models';
import { User } from '../models';
import auth from './middlewares/authentication';
import pagination from './middlewares/pagination';
import { presentUser } from '../presenters';
import policy from '../policies';
const { authorize } = policy;
const router = new Router();
router.post('team.users', auth(), pagination(), async ctx => {
@ -31,41 +28,4 @@ router.post('team.users', auth(), pagination(), async ctx => {
};
});
router.post('team.addAdmin', auth(), async ctx => {
const userId = ctx.body.user;
const teamId = ctx.state.user.teamId;
ctx.assertPresent(userId, 'id is required');
const user = await User.findById(userId);
authorize(ctx.state.user, 'promote', user);
const team = await Team.findById(teamId);
await team.addAdmin(user);
ctx.body = {
data: presentUser(ctx, user, { includeDetails: true }),
};
});
router.post('team.removeAdmin', auth(), async ctx => {
const userId = ctx.body.user;
const teamId = ctx.state.user.teamId;
ctx.assertPresent(userId, 'id is required');
const user = await User.findById(userId);
authorize(ctx.state.user, 'demote', user);
const team = await Team.findById(teamId);
try {
await team.removeAdmin(user);
} catch (err) {
throw new ValidationError(err.message);
}
ctx.body = {
data: presentUser(ctx, user, { includeDetails: true }),
};
});
export default router;

69
server/api/team.test.js
View File

@ -34,72 +34,3 @@ describe('#team.users', async () => {
expect(body).toMatchSnapshot();
});
});
describe('#team.addAdmin', async () => {
it('should promote a new admin', async () => {
const { admin, user } = await seed();
const res = await server.post('/api/team.addAdmin', {
body: { token: admin.getJwtToken(), user: user.id },
});
const body = await res.json();
expect(res.status).toEqual(200);
expect(body).toMatchSnapshot();
});
it('should require admin', async () => {
const { user } = await seed();
const res = await server.post('/api/team.addAdmin', {
body: { token: user.getJwtToken(), user: user.id },
});
const body = await res.json();
expect(res.status).toEqual(403);
expect(body).toMatchSnapshot();
});
});
describe('#team.removeAdmin', async () => {
it('should demote an admin', async () => {
const { admin, user } = await seed();
await user.update({ isAdmin: true }); // Make another admin
const res = await server.post('/api/team.removeAdmin', {
body: {
token: admin.getJwtToken(),
user: user.id,
},
});
const body = await res.json();
expect(res.status).toEqual(200);
expect(body).toMatchSnapshot();
});
it("shouldn't demote admins if only one available ", async () => {
const { admin } = await seed();
const res = await server.post('/api/team.removeAdmin', {
body: {
token: admin.getJwtToken(),
user: admin.id,
},
});
const body = await res.json();
expect(res.status).toEqual(400);
expect(body).toMatchSnapshot();
});
it('should require admin', async () => {
const { user } = await seed();
const res = await server.post('/api/team.addAdmin', {
body: { token: user.getJwtToken(), user: user.id },
});
const body = await res.json();
expect(res.status).toEqual(403);
expect(body).toMatchSnapshot();
});
});

92
server/api/user.js
View File

@ -2,10 +2,13 @@
import uuid from 'uuid';
import Router from 'koa-router';
import { makePolicy, signPolicy, publicS3Endpoint } from '../utils/s3';
import { Event } from '../models';
import { ValidationError } from '../errors';
import { Event, User, Team } from '../models';
import auth from './middlewares/authentication';
import { presentUser } from '../presenters';
import policy from '../policies';
const { authorize } = policy;
const router = new Router();
router.post('user.info', auth(), async ctx => {
@ -75,4 +78,91 @@ router.post('user.s3Upload', auth(), async ctx => {
};
});
// Admin specific
router.post('user.promote', auth(), async ctx => {
const userId = ctx.body.id;
const teamId = ctx.state.user.teamId;
ctx.assertPresent(userId, 'id is required');
const user = await User.findById(userId);
authorize(ctx.state.user, 'promote', user);
const team = await Team.findById(teamId);
await team.addAdmin(user);
ctx.body = {
data: presentUser(ctx, user, { includeDetails: true }),
};
});
router.post('user.demote', auth(), async ctx => {
const userId = ctx.body.id;
const teamId = ctx.state.user.teamId;
ctx.assertPresent(userId, 'id is required');
const user = await User.findById(userId);
authorize(ctx.state.user, 'demote', user);
const team = await Team.findById(teamId);
try {
await team.removeAdmin(user);
} catch (err) {
throw new ValidationError(err.message);
}
ctx.body = {
data: presentUser(ctx, user, { includeDetails: true }),
};
});
/**
* Suspend user
*
* Admin can suspend users to reduce the number of accounts on their billing plan
*/
router.post('user.suspend', auth(), async ctx => {
const admin = ctx.state.user;
const userId = ctx.body.id;
const teamId = ctx.state.user.teamId;
ctx.assertPresent(userId, 'user is required');
const user = await User.findById(userId);
authorize(ctx.state.user, 'suspend', user);
const team = await Team.findById(teamId);
try {
await team.suspendUser(user, admin);
} catch (err) {
throw new ValidationError(err.message);
}
ctx.body = {
data: presentUser(ctx, user, { includeDetails: true }),
};
});
/**
* Activate user
*
* Admin can activate users to let them access resources. These users will also
* account towards the billing plan limits.
*/
router.post('user.activate', auth(), async ctx => {
const admin = ctx.state.user;
const userId = ctx.body.id;
const teamId = ctx.state.user.teamId;
ctx.assertPresent(userId, 'user is required');
const user = await User.findById(userId);
authorize(ctx.state.user, 'activate', user);
const team = await Team.findById(teamId);
await team.activateUser(user, admin);
ctx.body = {
data: presentUser(ctx, user, { includeDetails: true }),
};
});
export default router;

145
server/api/user.test.js
View File

@ -66,3 +66,148 @@ describe('#user.update', async () => {
expect(body).toMatchSnapshot();
});
});
describe('#user.promote', async () => {
it('should promote a new admin', async () => {
const { admin, user } = await seed();
const res = await server.post('/api/user.promote', {
body: { token: admin.getJwtToken(), user: user.id },
});
const body = await res.json();
expect(res.status).toEqual(200);
expect(body).toMatchSnapshot();
});
it('should require admin', async () => {
const { user } = await seed();
const res = await server.post('/api/user.promote', {
body: { token: user.getJwtToken(), user: user.id },
});
const body = await res.json();
expect(res.status).toEqual(403);
expect(body).toMatchSnapshot();
});
});
describe('#user.demote', async () => {
it('should demote an admin', async () => {
const { admin, user } = await seed();
await user.update({ isAdmin: true }); // Make another admin
const res = await server.post('/api/user.demote', {
body: {
token: admin.getJwtToken(),
user: user.id,
},
});
const body = await res.json();
expect(res.status).toEqual(200);
expect(body).toMatchSnapshot();
});
it("shouldn't demote admins if only one available ", async () => {
const { admin } = await seed();
const res = await server.post('/api/user.demote', {
body: {
token: admin.getJwtToken(),
user: admin.id,
},
});
const body = await res.json();
expect(res.status).toEqual(400);
expect(body).toMatchSnapshot();
});
it('should require admin', async () => {
const { user } = await seed();
const res = await server.post('/api/user.promote', {
body: { token: user.getJwtToken(), user: user.id },
});
const body = await res.json();
expect(res.status).toEqual(403);
expect(body).toMatchSnapshot();
});
});
describe('#user.suspend', async () => {
it('should suspend an user', async () => {
const { admin, user } = await seed();
const res = await server.post('/api/user.suspend', {
body: {
token: admin.getJwtToken(),
user: user.id,
},
});
const body = await res.json();
expect(res.status).toEqual(200);
expect(body).toMatchSnapshot();
});
it("shouldn't allow suspending the user themselves", async () => {
const { admin } = await seed();
const res = await server.post('/api/user.suspend', {
body: {
token: admin.getJwtToken(),
user: admin.id,
},
});
const body = await res.json();
expect(res.status).toEqual(400);
expect(body).toMatchSnapshot();
});
it('should require admin', async () => {
const { user } = await seed();
const res = await server.post('/api/user.suspend', {
body: { token: user.getJwtToken(), user: user.id },
});
const body = await res.json();
expect(res.status).toEqual(403);
expect(body).toMatchSnapshot();
});
});
describe('#user.activate', async () => {
it('should activate a suspended user', async () => {
const { admin, user } = await seed();
await user.update({
suspendedById: admin.id,
suspendedAt: new Date(),
});
expect(user.isSuspended).toBe(true);
const res = await server.post('/api/user.activate', {
body: {
token: admin.getJwtToken(),
user: user.id,
},
});
const body = await res.json();
expect(res.status).toEqual(200);
expect(body).toMatchSnapshot();
});
it('should require admin', async () => {
const { user } = await seed();
const res = await server.post('/api/user.activate', {
body: { token: user.getJwtToken(), user: user.id },
});
const body = await res.json();
expect(res.status).toEqual(403);
expect(body).toMatchSnapshot();
});
});

18
server/migrations/20180303193036-suspended-users.js Normal file
View File

@ -0,0 +1,18 @@
module.exports = {
up: async (queryInterface, Sequelize) => {
await queryInterface.addColumn('users', 'suspendedById', {
type: Sequelize.UUID,
});
await queryInterface.addColumn('users', 'suspendedAt', {
type: Sequelize.DATE,
allowNull: true,
});
},
down: async (queryInterface, Sequelize) => {
await queryInterface.removeColumn('users', 'suspendedById');
await queryInterface.removeColumn('users', 'suspendedAt');
}
};

16
server/models/Team.js
View File

@ -63,4 +63,20 @@ Team.prototype.removeAdmin = async function(user: User) {
}
};
Team.prototype.suspendUser = async function(user: User, admin: User) {
if (user.id === admin.id)
throw new Error('Unable to suspend the current user');
return user.update({
suspendedById: admin.id,
suspendedAt: new Date(),
});
};
Team.prototype.activateUser = async function(user: User, admin: User) {
return user.update({
suspendedById: null,
suspendedAt: null,
});
};
export default Team;

10
server/models/User.js
View File

@ -28,8 +28,14 @@ const User = sequelize.define(
slackId: { type: DataTypes.STRING, allowNull: true, unique: true },
slackData: DataTypes.JSONB,
jwtSecret: encryptedFields.vault('jwtSecret'),
suspendedAt: DataTypes.DATE,
},
{
getterMethods: {
isSuspended() {
return !!this.suspendedAt;
},
},
indexes: [
{
fields: ['email'],
@ -43,6 +49,10 @@ User.associate = models => {
User.hasMany(models.ApiKey, { as: 'apiKeys' });
User.hasMany(models.Document, { as: 'documents' });
User.hasMany(models.View, { as: 'views' });
User.belongsTo(models.User, {
as: 'suspendedBy',
foreignKey: 'suspendedById',
});
};
// Instance methods

16
server/pages/Api.js
View File

@ -528,32 +528,24 @@ export default function Pricing() {
<Arguments pagination />
</Method>
<Method method="team.addAdmin" label="Promote a new admin user">
<Method method="user.promote" label="Promote a new admin user">
<Description>
Promote a user to be a team admin. This endpoint is only available
for admin users.
</Description>
<Arguments pagination>
<Argument
id="user"
description="User ID to be promoted"
required
/>
<Argument id="id" description="User ID to be promoted" required />
</Arguments>
</Method>
<Method method="team.removeAdmin" label="Demote existing admin user">
<Method method="user.demote" label="Demote existing admin user">
<Description>
Demote existing team admin if there are more than one as one admin
is always required. This endpoint is only available for admin
users.
</Description>
<Arguments pagination>
<Argument
id="user"
description="User ID to be demoted"
required
/>
<Argument id="id" description="User ID to be demoted" required />
</Arguments>
</Method>
</Methods>

9
server/policies/user.js
View File

@ -19,8 +19,13 @@ allow(User, ['update', 'delete'], User, (actor, user) => {
throw new AdminRequiredError();
});
allow(User, ['promote', 'demote'], User, (actor, user) => {
allow(
User,
['promote', 'demote', 'activate', 'suspend'],
User,
(actor, user) => {
if (!user || user.teamId !== actor.teamId) return false;
if (actor.isAdmin) return true;
throw new AdminRequiredError();
});
}
);

1
server/presenters/user.js
View File

@ -30,6 +30,7 @@ export default (
if (options.includeDetails) {
userData.isAdmin = user.isAdmin;
userData.isSuspended = user.isSuspended;
userData.email = user.email;
}