ms-users/src/actions/remove.js at 10ad38cf9640bf3a46bbe6fefb1ba40d0830e0bc · makeomatic/ms-users · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
const { ActionTransport } = require('@microfleet/core');
const Promise = require('bluebird');
const Errors = require('common-errors');
const intersection = require('lodash/intersection');
const get = require('../utils/get-value');
const key = require('../utils/key');
const { getInternalData } = require('../utils/userData');
const getMetadata = require('../utils/get-metadata');
const handlePipeline = require('../utils/pipeline-error');
const UserMetadata = require('../utils/metadata/user');
const {
  USERS_INDEX,
  USERS_PUBLIC_INDEX,
  USERS_ALIAS_TO_ID,
  USERS_SSO_TO_ID,
  USERS_USERNAME_TO_ID,
  USERS_USERNAME_FIELD,
  USERS_DATA,
  USERS_METADATA,
  USERS_TOKENS,
  USERS_ID_FIELD,
  USERS_ALIAS_FIELD,
  USERS_ADMIN_ROLE,
  USERS_SUPER_ADMIN_ROLE,
  USERS_ACTION_ACTIVATE,
  USERS_ACTION_RESET,
  USERS_ACTION_PASSWORD,
  USERS_ACTION_REGISTER,
  THROTTLE_PREFIX,
  SSO_PROVIDERS,
  ORGANIZATIONS_MEMBERS,
} = require('../constants');

// intersection of priority users
const ADMINS = [USERS_ADMIN_ROLE, USERS_SUPER_ADMIN_ROLE];

function addMetadata(userData) {
  const { audience } = this;
  const userId = userData[USERS_ID_FIELD];

  return Promise
    .bind(this, [userId, audience])
    .spread(getMetadata)
    .then((metadata) => [userData, metadata]);
}

async function removeOrganizationUser(userId) {
  const { redis, config } = this;
  const { audience } = config.organizations;

  const userOrganizationsKey = key(userId, USERS_METADATA, audience);
  const userOrganizations = await redis.hgetall(userOrganizationsKey);

  if (userOrganizations) {
    const pipeline = redis.pipeline();

    for (const organizationId of Object.keys(userOrganizations)) {
      const memberKey = key(organizationId, ORGANIZATIONS_MEMBERS, userId);
      pipeline.zrem(key(organizationId, ORGANIZATIONS_MEMBERS), memberKey);
    }

    await pipeline.exec().then(handlePipeline);
  }
}

/**
 * @api {amqp} <prefix>.remove Remove User
 * @apiVersion 1.0.0
 * @apiName RemoveUser
 * @apiGroup Users
 *
 * @apiDescription Removes user from system. Be careful as this operation is not revertible.
 *
 * @apiParam (Payload) {String} username - user's email or id
 */
async function removeUser({ params }) {
  const audience = this.config.jwt.defaultAudience;
  const { redis } = this;
  const context = { redis, audience };
  const { username } = params;

  const [internal, meta] = await Promise
    .bind(context, username)
    .then(getInternalData)
    .then(addMetadata);

  const roles = (meta[audience].roles || []);
  if (intersection(roles, ADMINS).length > 0) {
    throw new Errors.HttpStatusError(400, 'can\'t remove admin user from the system');
  }

  const transaction = redis.pipeline();
  const alias = internal[USERS_ALIAS_FIELD];
  const userId = internal[USERS_ID_FIELD];
  const resolvedUsername = internal[USERS_USERNAME_FIELD];
  const metaAudiences = await UserMetadata.using(userId, null, redis).getAudience();
  const userMetadata = UserMetadata.using(userId, null, transaction);

  if (alias) {
    transaction.hdel(USERS_ALIAS_TO_ID, alias.toLowerCase(), alias);
  }

  transaction.hdel(USERS_USERNAME_TO_ID, resolvedUsername);

  // remove refs to SSO account
  for (const provider of SSO_PROVIDERS) {
    const uid = get(internal, `${provider}.uid`, { default: false });

    if (uid) {
      transaction.hdel(USERS_SSO_TO_ID, uid);
    }
  }

  // clean indices
  transaction.srem(USERS_PUBLIC_INDEX, userId);
  transaction.srem(USERS_INDEX, userId);

  // remove metadata & internal data
  transaction.del(key(userId, USERS_DATA));
  for (const metaAudience of metaAudiences) {
    userMetadata.deleteMetadata(metaAudience);
  }

  // remove auth tokens
  transaction.del(key(userId, USERS_TOKENS));

  // remove throttling on actions
  transaction.del(key(THROTTLE_PREFIX, USERS_ACTION_ACTIVATE, userId));
  transaction.del(key(THROTTLE_PREFIX, USERS_ACTION_PASSWORD, userId));
  transaction.del(key(THROTTLE_PREFIX, USERS_ACTION_REGISTER, userId));
  transaction.del(key(THROTTLE_PREFIX, USERS_ACTION_RESET, userId));

  // complete it
  const removeResult = await transaction
    .exec()
    .then(handlePipeline);

  // remove user from organizations
  await removeOrganizationUser.call(this, userId);

  // clear cache
  const now = Date.now();
  await Promise.all([redis.fsortBust(USERS_INDEX, now), redis.fsortBust(USERS_PUBLIC_INDEX, now)]);

  return removeResult;
}

removeUser.transports = [ActionTransport.amqp];

module.exports = removeUser;