Bugfix/sponsor role binding (#288)

pierreTklein · web-flow · commit 85f9ca544a27 · 2019-01-14T23:00:52.000-05:00
* Fix sponsor role binding addition

* Fix sponsor role binding addition

* Fix Sponsor account creation

* comments, docs

* make JWT optional
diff --git a/docs/api/api_data.js b/docs/api/api_data.js
@@ -71,7 +71,14 @@ define({
               "field": "phoneNumber",
               "description": "<p>the user's phone number, represented as a string.</p>"
             }
-          ]
+          ],
+          "header": [{
+            "group": "header",
+            "type": "JWT",
+            "optional": true,
+            "field": "token",
+            "description": "<p>the user's invite token.</p>"
+          }]
         },
         "examples": [{
           "title": "Request-Example:",
diff --git a/docs/api/api_data.json b/docs/api/api_data.json
@@ -70,7 +70,14 @@
             "field": "phoneNumber",
             "description": "<p>the user's phone number, represented as a string.</p>"
           }
-        ]
+        ],
+        "header": [{
+          "group": "header",
+          "type": "JWT",
+          "optional": true,
+          "field": "token",
+          "description": "<p>the user's invite token.</p>"
+        }]
       },
       "examples": [{
         "title": "Request-Example:",
diff --git a/middlewares/auth.middleware.js b/middlewares/auth.middleware.js
@@ -423,6 +423,17 @@ function createRoleBindings(roleName = undefined) {
     });
 }
 
+/**
+ * Adds a rolebinding between the user and the role with the name stored in 'accountType'. 
+ * @param {{user: {id: ObjectId, accountType: string}}} req 
+ * @param {*} res 
+ * @param {(err?) => void} next 
+ */
+async function addAccountTypeRoleBinding(req, res, next) {
+    await Services.RoleBinding.createRoleBindingByRoleName(req.user.id, req.user.accountType);
+    return next();
+}
+
 /**
  * Middleware to retrieve all the roles in the database
  * @param {*} req 
@@ -450,6 +461,7 @@ module.exports = {
     getAccountTypeFromConfirmationToken: Middleware.Util.asyncMiddleware(getAccountTypeFromConfirmationToken),
     validateConfirmationTokenWithoutAccount: Middleware.Util.asyncMiddleware(validateConfirmationTokenWithoutAccount),
     createRoleBindings: createRoleBindings,
+    addAccountTypeRoleBinding: Middleware.Util.asyncMiddleware(addAccountTypeRoleBinding),
     addCreationRoleBindings: Middleware.Util.asyncMiddleware(addCreationRoleBindings),
     resendConfirmAccountEmail: Middleware.Util.asyncMiddleware(resendConfirmAccountEmail),
     retrieveRoleBindings: Middleware.Util.asyncMiddleware(retrieveRoleBindings),
diff --git a/middlewares/validators/account.validator.js b/middlewares/validators/account.validator.js
@@ -11,7 +11,7 @@ module.exports = {
         VALIDATOR.alphaArrayValidator("body", "dietaryRestrictions", false),
         VALIDATOR.enumValidator("body", "shirtSize", Constants.SHIRT_SIZES, false),
         VALIDATOR.passwordValidator("body", "password", false),
-        VALIDATOR.jwtValidator("param", "token", process.env.JWT_CONFIRM_ACC_SECRET, true),
+        VALIDATOR.jwtValidator("header", "token", process.env.JWT_CONFIRM_ACC_SECRET, true),
         VALIDATOR.dateValidator("body", "birthDate", false),
         VALIDATOR.phoneNumberValidator("body", "phoneNumber", false)
     ],
diff --git a/models/account.model.js b/models/account.model.js
@@ -42,7 +42,7 @@ const AccountSchema = new mongoose.Schema({
     },
     accountType: {
         type: String,
-        enum: Constants.USER_TYPES,
+        enum: Constants.EXTENDED_USER_TYPES,
         default: Constants.HACKER
     },
     birthDate: {
diff --git a/routes/api/account.js b/routes/api/account.js
@@ -75,6 +75,7 @@ module.exports = {
          * @apiParam (body) {String} password The password of the account.
          * @apiParam (body) {String} birthDate a Date parsable string.
          * @apiParam (body) {Number} phoneNumber the user's phone number, represented as a string.
+         * @apiParam (header) {JWT} [token] the user's invite token.
          * 
          * @apiParamExample {json} Request-Example:
          *      { 
diff --git a/routes/api/sponsor.js b/routes/api/sponsor.js
@@ -98,7 +98,7 @@ module.exports = {
 
             Middleware.Sponsor.parseSponsor,
 
-            Middleware.Auth.createRoleBindings(CONSTANTS.SPONSOR),
+            Middleware.Auth.addAccountTypeRoleBinding,
 
             Middleware.Sponsor.createSponsor,
             Controllers.Sponsor.createdSponsor

Original file line number	Diff line number	Diff line change
`@@ -75,6 +75,7 @@ module.exports = {`
`75`	`75`	`* @apiParam (body) {String} password The password of the account.`
`76`	`76`	`* @apiParam (body) {String} birthDate a Date parsable string.`
`77`	`77`	`* @apiParam (body) {Number} phoneNumber the user's phone number, represented as a string.`
	`78`	`+ * @apiParam (header) {JWT} [token] the user's invite token.`
`78`	`79`	`*`
`79`	`80`	`* @apiParamExample {json} Request-Example:`
`80`	`81`	`* {`