feat(authorizing): new invalid login base

AEGEE · Apr 10, 2020 · bebc261 · bebc261
1 parent a8de599
commit bebc261
Show file tree

Hide file tree

Showing 5 changed files with 98 additions and 7 deletions.
diff --git a/lib/errors.js b/lib/errors.js
@@ -4,6 +4,7 @@ exports.makeError = (res, statusCode, err) => {
     // 2) 'err' is a SequelizeValidationError
     // 3) 'err' is a SequelizeUniqueConstraintError
     // 4) 'err' is Error
+    // 5) 'err' is Object
 
     // If the error is a string, just forward it to user.
     if (typeof err === 'string') {
@@ -29,6 +30,13 @@ exports.makeError = (res, statusCode, err) => {
         });
     }
 
+    if (typeof err === 'object' && !(err instanceof Error)) {
+        return res.status(statusCode).json({
+            success: false,
+            errors: err
+        });
+    }
+
     // Otherwise, just pass the error message.
     return res.status(statusCode).json({
         success: false,

diff --git a/middlewares/login.js b/middlewares/login.js
@@ -30,6 +30,14 @@ module.exports.login = async (req, res) => {
         return errors.makeUnauthorizedError(res, 'Please confirm your mail first.');
     }
 
+    // Some fields can be empty while registering, but we shouldn't allow login for such users.
+    // TODO: think about how to make it work.
+    // const notValidFields = user.notValidFields();
+    // if (Object.keys(notValidFields).length !== 0) {
+    //     return errors.makeValidationError(res, notValidFields);
+    // }
+
+
     const accessToken = await AccessToken.createForUser(user.id);
     const refreshToken = await RefreshToken.createForUser(user.id);
 
@@ -42,6 +50,60 @@ module.exports.login = async (req, res) => {
     });
 };
 
+// module.exports.getUserUnauthorized = async (req, res) => {
+//     const username = (req.body.username || '').trim();
+
+//     const user = await User.scope('withPassword').findOne({
+//         where: {
+//             [Sequelize.Op.or]: {
+//                 email: username,
+//                 username
+//             }
+//         }
+//     });
+
+//     if (!user) {
+//         return errors.makeUnauthorizedError(res, 'User is not found.');
+//     }
+
+//     if (!await user.checkPassword(req.body.password)) {
+//         return errors.makeUnauthorizedError(res, 'Password is not valid.');
+//     }
+
+//     return res.json({
+//         success: true,
+//         data: user
+//     });
+// };
+
+// module.exports.updateUserUnauthorized = async (req, res) => {
+//     const username = (req.body.username || '').trim();
+
+//     const user = await User.scope('withPassword').findOne({
+//         where: {
+//             [Sequelize.Op.or]: {
+//                 email: username,
+//                 username
+//             }
+//         }
+//     });
+
+//     if (!user) {
+//         return errors.makeUnauthorizedError(res, 'User is not found.');
+//     }
+
+//     if (!await user.checkPassword(req.body.password)) {
+//         return errors.makeUnauthorizedError(res, 'Password is not valid.');
+//     }
+
+//     await user.update(req.body);
+
+//     return res.json({
+//         success: true,
+//         data: user
+//     });
+// };
+
 module.exports.renew = async (req, res) => {
     const token = await RefreshToken.findOne({
         where: { value: req.body.token }

diff --git a/models/User.js b/models/User.js
@@ -151,14 +151,14 @@ User.prototype.checkPassword = async function checkPassword(password) {
 
 /* istanbul ignore next */
 User.prototype.notValidFields = function notValidFields() {
-    const missingFields = [];
-    for (const field of ['date_of_birth', 'gender']) {
-        if (!this[field]) {
-            missingFields.push(field);
-        }
-    }
+    const errors = {};
+
+    if (!this.gender) errors.gender = ['Gender should be set.'];
+    if (!this.date_of_birth) errors.date_of_birth = ['Date of birth should be set.'];
+    if (!this.phone) errors.phone = ['Phone should be set.'];
+    if (!this.address) errors.address = ['Address should be set.'];
 
-    return { missingFields };
+    return errors;
 };
 
 module.exports = User;
diff --git a/test/api/authorization.test.js b/test/api/authorization.test.js
@@ -86,6 +86,26 @@ describe('Authorization', () => {
         expect(res.body).toHaveProperty('message');
     });
 
+    // TODO: rethink that.
+    // test('should fail if user is not valid', async () => {
+    //     const user = await generator.createUser({ password: 'testtest', address: null });
+    //     const res = await request({
+    //         uri: '/login/',
+    //         method: 'POST',
+    //         headers: { 'X-Auth-Token': 'blablabla' },
+    //         body: {
+    //             username: user.email,
+    //             password: 'testtest'
+    //         }
+    //     });
+
+    //     expect(res.statusCode).toEqual(422);
+    //     expect(res.body.success).toEqual(false);
+    //     expect(res.body).toHaveProperty('errors');
+    //     expect(res.body).not.toHaveProperty('data');
+    //     expect(res.body.errors).toHaveProperty('address');
+    // });
+
     test('should succeed if everything is okay', async () => {
         const user = await generator.createUser({ password: 'testtest' });
         const res = await request({

diff --git a/test/scripts/generator.js b/test/scripts/generator.js
@@ -28,6 +28,7 @@ exports.generateUser = (options = {}) => {
     if (notSet(options.phone)) options.phone = faker.phone.phoneNumber();
     if (notSet(options.date_of_birth)) options.date_of_birth = faker.date.past();
     if (notSet(options.about_me)) options.about_me = faker.lorem.paragraph();
+    if (notSet(options.address)) options.address = faker.lorem.paragraph();
     if (notSet(options.password)) options.password = faker.random.alphaNumeric(16);
     if (notSet(options.mail_confirmed_at)) options.mail_confirmed_at = new Date();