implement new post request: create user for specific org

Author: emathew5

src/controller/registry-org.controller/index.js

@@ -541,9 +541,32 @@ router.post('/registryOrg/:shortname/user',
   // // mw.onlyOrgWithPartnerRole,
   mw.onlySecretariat,
   param(['shortname']).isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
-  body(['cve_program_org_membership'])
+  body(['cve_program_org_membership']).optional().custom(isFlatStringArray), // TO-DO: implement custom(mw.isCveProgramOrgMembershipObject),
+  body(
+    [
+      'user_id',
+      'name.first',
+      'name.last'
+    ])
+    .isString(),
+  body(
+    [
+      'name.middle',
+      'name.suffix',
+      'contact_info.phone',
+      'contact_info.email' // // TO-DO: this needs to be required only when contact-info is present?
+    ])
+    .default('')
+    .isString(),
+  body(['org_affiliations'])
     .optional()
-    .custom(mw.isCveProgramOrgMembershipObject),
+    .custom(isFlatStringArray)
+    .customSanitizer(toUpperCaseArray),
+  body(['authority.active_roles'])
+    .optional()
+    .custom(isFlatStringArray)
+    .customSanitizer(toUpperCaseArray)
+    .custom(isOrgRole), // TO-DO: this needs to be required only when authority is present?
   parseError,
   parsePostParams,
   controller.USER_CREATE_SINGLE)

src/controller/registry-org.controller/registry-org.controller.js

@@ -1,9 +1,11 @@
+const argon2 = require('argon2')
 const uuid = require('uuid')
 const logger = require('../../middleware/logger')
 const { getConstants } = require('../../constants')
 const RegistryOrg = require('../../model/registry-org')
 const RegistryUser = require('../../model/registry-user')
 const errors = require('./error')
+const cryptoRandomString = require('crypto-random-string')
 const error = new errors.RegistryOrgControllerError()
 const validateUUID = require('uuid').validate
 
@@ -98,7 +100,7 @@ async function createOrg (req, res, next) {
       } else if (k === 'short_name') {
         newOrg.short_name = body[k]
       } else if (k === 'aliases') {
-        newOrg.aliases = [...new Set(body[k].active_roles)]
+        newOrg.aliases = [...new Set(body[k])]
       } else if (k === 'cve_program_org_function') {
         newOrg.cve_program_org_function = body[k]
       } else if (k === 'authority') {
@@ -197,7 +199,6 @@ async function updateOrg (req, res, next) {
     const shortName = req.ctx.params.shortname
     const userRepo = req.ctx.repositories.getRegistryUserRepository()
     const registryOrgRepo = req.ctx.repositories.getRegistryOrgRepository()
-    // const shortName = req.ctx.params.shortname
 
     const org = await registryOrgRepo.findOneByShortName(shortName)
     if (!org) {
@@ -375,8 +376,86 @@ async function getUsers (req, res, next) {
   }
 }
 
-function createUserByOrg (req, res, next) {
-  console.log('HERE')
+async function createUserByOrg (req, res, next) {
+  try {
+    const requesterUsername = req.ctx.user
+    const requesterShortName = req.ctx.org
+    const shortName = req.ctx.params.shortname
+
+    const registryUserRepo = req.ctx.repositories.getRegistryUserRepository()
+    const registryOrgRepo = req.ctx.repositories.getRegistryOrgRepository()
+    const orgUUID = await registryOrgRepo.getOrgUUID(shortName)
+    const requesterOrgUUID = await registryOrgRepo.getOrgUUID(requesterShortName)
+    const body = req.ctx.body
+
+    const isSecretariat = await registryOrgRepo.isSecretariat(shortName)
+    const isAdmin = await registryUserRepo.isAdmin(requesterUsername, requesterShortName)
+
+    if (!isSecretariat && !isAdmin) { // may be redundant after validation check is implemented
+      return res.status(403).json(error.notOrgAdminOrSecretariat()) // User must be secretariat or an admin
+    }
+    if (!orgUUID) {
+      return res.status(404).json(error.orgDnePathParam(shortName)) // Org must exist
+    }
+    if (!isSecretariat) { // Admins can only create user within the same org
+      if (orgUUID !== requesterOrgUUID) {
+        return res.status(403).json(error.notOrgAdminOrSecretariat()) // The Admin user must belong to the new user's organization
+      }
+    }
+
+    // Creating a new user under specific org
+    const newUser = new RegistryUser()
+    Object.keys(body).map(k => k.toLowerCase()).forEach(k => {
+      if (k === 'user_id' || k === 'username') {
+        newUser.user_id = body[k]
+      } else if (k === 'name') {
+        newUser.name = {
+          first: '',
+          last: '',
+          middle: '',
+          suffix: '',
+          ...body.name
+        }
+      } else if (k === 'org_affiliations') {
+        // TODO: dedupe
+      } else if (k === 'cve_program_org_membership') {
+        // TODO: dedupe
+      } else if (k === 'uuid') {
+        return res.status(400).json(error.uuidProvided('user'))
+      }
+    })
+
+    newUser.UUID = uuid.v4()
+    const randomKey = cryptoRandomString({ length: getConstants().CRYPTO_RANDOM_STRING_LENGTH })
+    newUser.secret = await argon2.hash(randomKey)
+    newUser.last_active = null
+    newUser.deactivation_date = null
+
+    await registryUserRepo.updateByUUID(newUser.UUID, newUser, { upsert: true })
+    const agt = setAggregateUserObj({ UUID: newUser.UUID })
+    let result = await registryUserRepo.aggregate(agt)
+    result = result.length > 0 ? result[0] : null
+
+    const payload = {
+      action: 'create_registry_user',
+      change: result.user_id + ' was successfully created.',
+      req_UUID: req.ctx.uuid,
+      org_UUID: await registryOrgRepo.getOrgUUID(req.ctx.org),
+      user: result
+    }
+    payload.user_UUID = await registryUserRepo.getUserUUID(req.ctx.user, payload.org_UUID)
+    logger.info(JSON.stringify(payload))
+
+    result.secret = randomKey
+    const responseMessage = {
+      message: result.user_id + ' was successfully created.',
+      created: result
+    }
+
+    return res.status(200).json(responseMessage)
+  } catch (err) {
+    next(err)
+  }
 }
 
 function setAggregateUserObj (query) {

src/controller/registry-org.controller/registry-org.middleware.js

@@ -6,7 +6,7 @@ const error = new errors.RegistryOrgControllerError()
 
 function parsePostParams (req, res, next) {
   utils.reqCtxMapping(req, 'body', [])
-  utils.reqCtxMapping(req, 'params', ['identifier, shortname'])
+  utils.reqCtxMapping(req, 'params', ['identifier', 'shortname'])
   utils.reqCtxMapping(req, 'query', [
     'long_name', 'short_name', 'aliases',
     'cve_program_org_function', 'authority.active_roles',