Skip to content

Commit 092a325

Browse files
authored
Merge pull request #1838 from CVEProject/af-1423
Resolves issue #1423, Add registry user expansion tests and update coverage
2 parents d371eb3 + e1418bc commit 092a325

16 files changed

Lines changed: 1148 additions & 84 deletions

schemas/registry-user/BaseUser.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -101,4 +101,4 @@
101101
"required": [
102102
"username"
103103
]
104-
}
104+
}

schemas/registry-user/create-registry-user-request.json

Lines changed: 0 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -31,20 +31,6 @@
3131
},
3232
"required": ["first", "last"]
3333
},
34-
"org_affiliations": {
35-
"type": "array",
36-
"items": {
37-
"type": "string"
38-
},
39-
"description": "UUIDs of organizations the user is affiliated with"
40-
},
41-
"cve_program_org_membership": {
42-
"type": "array",
43-
"items": {
44-
"type": "string"
45-
},
46-
"description": "UUIDs of CVE program organizations the user is a member of"
47-
},
4834
"authority": {
4935
"type": "object",
5036
"properties": {

schemas/registry-user/create-registry-user-response.json

Lines changed: 1 addition & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -42,20 +42,6 @@
4242
},
4343
"required": ["first", "last"]
4444
},
45-
"org_affiliations": {
46-
"type": "array",
47-
"items": {
48-
"type": "string"
49-
},
50-
"description": "UUIDs of organizations the user is affiliated with"
51-
},
52-
"cve_program_org_membership": {
53-
"type": "array",
54-
"items": {
55-
"type": "string"
56-
},
57-
"description": "UUIDs of CVE program organizations the user is a member of"
58-
},
5945
"authority": {
6046
"type": "object",
6147
"properties": {
@@ -115,4 +101,4 @@
115101
}
116102
}
117103
}
118-
}
104+
}

schemas/registry-user/get-registry-user-response.json

Lines changed: 1 addition & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -43,20 +43,6 @@
4343
"enum": ["ADMIN"],
4444
"description": "The role of the user in the organization. Currently only 'ADMIN' is supported."
4545
},
46-
"org_affiliations": {
47-
"type": "array",
48-
"items": {
49-
"type": "string"
50-
},
51-
"description": "UUIDs of organizations the user is affiliated with"
52-
},
53-
"cve_program_org_membership": {
54-
"type": "array",
55-
"items": {
56-
"type": "string"
57-
},
58-
"description": "UUIDs of CVE program organizations the user is a member of"
59-
},
6046
"authority": {
6147
"type": "object",
6248
"properties": {
@@ -127,4 +113,4 @@
127113
"description": "Timestamp of the last update to the user data"
128114
}
129115
}
130-
}
116+
}

schemas/registry-user/update-registry-user-request.json

Lines changed: 0 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -30,20 +30,6 @@
3030
}
3131
}
3232
},
33-
"org_affiliations": {
34-
"type": "array",
35-
"items": {
36-
"type": "string"
37-
},
38-
"description": "UUIDs of organizations the user is affiliated with"
39-
},
40-
"cve_program_org_membership": {
41-
"type": "array",
42-
"items": {
43-
"type": "string"
44-
},
45-
"description": "UUIDs of CVE program organizations the user is a member of"
46-
},
4733
"authority": {
4834
"type": "object",
4935
"properties": {

schemas/registry-user/update-registry-user-response.json

Lines changed: 1 addition & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -42,20 +42,6 @@
4242
},
4343
"required": ["first", "last"]
4444
},
45-
"org_affiliations": {
46-
"type": "array",
47-
"items": {
48-
"type": "string"
49-
},
50-
"description": "UUIDs of organizations the user is affiliated with"
51-
},
52-
"cve_program_org_membership": {
53-
"type": "array",
54-
"items": {
55-
"type": "string"
56-
},
57-
"description": "UUIDs of CVE program organizations the user is a member of"
58-
},
5945
"authority": {
6046
"type": "object",
6147
"properties": {
@@ -115,4 +101,4 @@
115101
}
116102
}
117103
}
118-
}
104+
}

src/controller/registry-user.controller/registry-user.controller.js

Lines changed: 11 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,14 @@ const validateUUID = require('uuid').validate
77
const _ = require('lodash')
88
const authContext = require('../../utils/authContext')
99

10+
const immutableUpdateFields = ['created', 'last_updated']
11+
12+
function removeImmutableUpdateFields (body) {
13+
immutableUpdateFields.forEach(field => {
14+
delete body[field]
15+
})
16+
}
17+
1018
/**
1119
* Retrieves information about all registry users.
1220
*
@@ -249,6 +257,9 @@ async function updateUser (req, res, next) {
249257

250258
const body = req.ctx.body
251259

260+
// These fields are returned by GET responses, but remain server-managed on update.
261+
removeImmutableUpdateFields(body)
262+
252263
if ('secret' in body) {
253264
logger.info({ uuid: req.ctx.uuid, message: 'User attempted to update the secret.' })
254265
return res.status(400).json(error.secretUpdateNotAllowed())
@@ -361,13 +372,6 @@ async function updateUser (req, res, next) {
361372
logger.info({ uuid: req.ctx.uuid, message: userToEditParameters.username + ' user could not be found.' })
362373
return res.status(404).json(error.userDne(userToEditParameters.username))
363374
}
364-
365-
if (!isSecretariat) {
366-
// For now, we want to make sure that no one, other than a secretariat can edit time fields
367-
delete body.created
368-
delete body.last_updated
369-
}
370-
371375
let result
372376
let updatedUser
373377
let updatedUserUUID

src/controller/registry-user.controller/registry-user.middleware.js

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,9 +8,7 @@ function parsePostParams (req, res, next) {
88
utils.reqCtxMapping(req, 'params', ['identifier', 'shortname'])
99
utils.reqCtxMapping(req, 'query', [
1010
'new_username',
11-
'name.first', 'name.last', 'name.middle', 'name.suffix',
12-
'org_affiliations.add', 'org_affiliations.remove',
13-
'cve_program_org_membership.add', 'cve_program_org_membership.remove'
11+
'name.first', 'name.last', 'name.middle', 'name.suffix'
1412
])
1513
next()
1614
}

src/controller/user.controller/error.js

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,27 @@ class UserControllerError extends idrErr.IDRError {
3737
return err
3838
}
3939

40+
userExists (username) { // org
41+
const err = {}
42+
err.error = 'USER_EXISTS'
43+
err.message = `The user '${username}' already exists.`
44+
return err
45+
}
46+
47+
uuidProvided (creationType) {
48+
const err = {}
49+
err.error = 'UUID_PROVIDED'
50+
err.message = `Providing UUIDs for ${creationType} creation or update is not allowed.`
51+
return err
52+
}
53+
54+
userLimitReached () {
55+
const err = {}
56+
err.error = 'NUMBER_OF_USERS_IN_ORG_LIMIT_REACHED'
57+
err.message = 'The requested user can not be created and added to the organization because the organization has hit its limit of 100 users. Contact the Secretariat.'
58+
return err
59+
}
60+
4061
duplicateUsername () { // org
4162
const err = {}
4263
err.error = 'DUPLICATE_USERNAME'

test/integration-tests/registry-user/registryUserCRUDTest.js

Lines changed: 97 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,5 @@
1+
/* eslint-disable no-unused-expressions */
2+
13
const chai = require('chai')
24
const expect = chai.expect
35
chai.use(require('chai-http'))
@@ -71,6 +73,101 @@ const createRegistryUser = async () => {
7173

7274
describe('Testing /registryUser endpoints', () => {
7375
context('Positive Tests', () => {
76+
it('Gets a list of all registry users', async () => {
77+
await chai.request(app)
78+
.get('/api/registryUser')
79+
.set(secretariatHeaders)
80+
.then((res) => {
81+
expect(res).to.have.status(200)
82+
expect(res.body).to.have.property('users')
83+
expect(res.body.users).to.be.an('array').that.is.not.empty
84+
})
85+
})
86+
87+
it('Gets a registry user by UUID', async () => {
88+
let user
89+
await chai.request(app)
90+
.get('/api/registry/org/win_5/user/jasminesmith@win_5.com')
91+
.set(secretariatHeaders)
92+
.then((res) => {
93+
expect(res).to.have.status(200)
94+
user = res.body
95+
})
96+
97+
await chai.request(app)
98+
.get(`/api/registryUser/${user.UUID}`)
99+
.set(secretariatHeaders)
100+
.then((res) => {
101+
expect(res).to.have.status(200)
102+
expect(res.body).to.have.property('UUID', user.UUID)
103+
expect(res.body).to.have.property('username', user.username)
104+
expect(res.body).to.not.have.property('secret')
105+
})
106+
})
107+
108+
it('Creates, updates, and deletes a registry user by UUID', async () => {
109+
const username = `${uuidv4()}@registry-user.test`
110+
let userUUID
111+
112+
await chai.request(app)
113+
.post('/api/registryUser/range_4')
114+
.set(secretariatHeaders)
115+
.send({
116+
username,
117+
name: {
118+
first: 'Registry',
119+
last: 'User'
120+
},
121+
status: 'active'
122+
})
123+
.then((res) => {
124+
expect(res).to.have.status(200)
125+
expect(res.body).to.have.property('created')
126+
expect(res.body.created).to.have.property('UUID')
127+
expect(res.body.created).to.have.property('username', username)
128+
userUUID = res.body.created.UUID
129+
})
130+
131+
let user
132+
await chai.request(app)
133+
.get(`/api/registryUser/${userUUID}`)
134+
.set(secretariatHeaders)
135+
.then((res) => {
136+
expect(res).to.have.status(200)
137+
user = res.body
138+
})
139+
140+
await chai.request(app)
141+
.put(`/api/registryUser/${userUUID}`)
142+
.set(secretariatHeaders)
143+
.send({
144+
...user,
145+
name: {
146+
...user.name,
147+
first: 'UpdatedRegistry'
148+
}
149+
})
150+
.then((res) => {
151+
expect(res).to.have.status(200)
152+
expect(res.body.updated.name.first).to.equal('UpdatedRegistry')
153+
})
154+
155+
await chai.request(app)
156+
.delete(`/api/registryUser/${userUUID}`)
157+
.set(secretariatHeaders)
158+
.then((res) => {
159+
expect(res).to.have.status(200)
160+
expect(res.body.message).to.contain(`${username} was successfully deleted`)
161+
})
162+
163+
await chai.request(app)
164+
.get(`/api/registryUser/${userUUID}`)
165+
.set(secretariatHeaders)
166+
.then((res) => {
167+
expect(res).to.have.status(404)
168+
})
169+
})
170+
74171
it('Logs the updated user UUID when updating a registry user by identifier', async () => {
75172
const { createdUser } = await createRegistryUser()
76173
const loggerInfoStub = sinon.stub(logger, 'info')

0 commit comments

Comments
 (0)