plotly · n-riesco · May 28, 2018 · May 26, 2018 · May 26, 2018 · May 27, 2018
diff --git a/backend/persistent/QueryScheduler.js b/backend/persistent/QueryScheduler.js
@@ -1,11 +1,23 @@
-import * as Connections from './datastores/Datastores';
-import {getConnectionById} from './Connections';
-import {getQuery, getQueries, saveQuery, deleteQuery} from './Queries';
-import {getSetting} from '../settings';
-import Logger from '../logger';
-import {PlotlyAPIRequest, updateGrid} from './plotly-api.js';
 import {has} from 'ramda';
 
+import {getConnectionById} from './Connections.js';
+import * as Connections from './datastores/Datastores.js';
+import Logger from '../logger';
+import {
+    getQuery,
+    getQueries,
+    saveQuery,
+    deleteQuery
+} from './Queries.js';
+import {
+    getCredentials,
+    getSetting
+} from '../settings.js';
+import {
+    PlotlyAPIRequest,
+    updateGrid
+} from './plotly-api.js';
+
 class QueryScheduler {
     constructor() {
         this.scheduleQuery = this.scheduleQuery.bind(this);
@@ -118,16 +130,12 @@ class QueryScheduler {
          * If the user is the owner, then requestor === fid.split(':')[0]
          * If the user is a collaborator, then requestor is different
          */
-        const username = requestor;
-        const user = getSetting('USERS').find(
-             u => u.username === username
-        );
+        const {username, apiKey, accessToken} = getCredentials(requestor);
 
         // Check if the user even exists
-        if (!user || !(user.apiKey || user.accessToken)) {
+        if (!username || !(apiKey || accessToken)) {
             /*
-             * Heads up - the front end looks for "Unauthenticated" in this
-             * error message. So don't change it!
+             * Warning: The front end looks for "Unauthenticated" in this error message. Don't change it!
              */
             const errorMessage = (
                 `Unauthenticated: Attempting to update grid ${fid} but the ` +
@@ -136,7 +144,7 @@ class QueryScheduler {
             Logger.log(errorMessage, 0);
             throw new Error(errorMessage);
         }
-        const {apiKey, accessToken} = user;
+
         // Check if the credentials are valid
         return PlotlyAPIRequest('users/current', {
             method: 'GET', username, apiKey, accessToken

diff --git a/backend/persistent/plotly-api.js b/backend/persistent/plotly-api.js
@@ -1,8 +1,13 @@
 import fetch from 'node-fetch';
-import {getSetting} from '../settings.js';
-import Logger from '../logger';
 import FormData from 'form-data';
 
+import Logger from '../logger.js';
+import {
+    getCredentials,
+    getSetting
+} from '../settings.js';
+
+
 // Module to access Plot.ly REST API
 //
 // See API documentation at https://api.plot.ly/v2/
@@ -31,19 +36,15 @@ export function PlotlyAPIRequest(relativeUrl, {body, username, apiKey, accessTok
 }
 
 export function newDatacache(payloadJSON, type, requestor) {
-    const form = new FormData();
-    form.append('type', type);
-    form.append('origin', 'Falcon');
-    form.append('payload', payloadJSON);
-    const body = form;
-
-    const users = getSetting('USERS');
-    const user = users.find(
-        u => u.username === requestor
-    );
-
-    if (user) {
-        form.append('username', user.username);
+    const {username, apiKey, accessToken} = getCredentials(requestor);
+
+    const body = new FormData();
+    body.append('type', type);
+    body.append('origin', 'Falcon');
+    body.append('payload', payloadJSON);
+
+    if (username) {
+        body.append('username', username);
     }
 
     /*
@@ -52,17 +53,12 @@ export function newDatacache(payloadJSON, type, requestor) {
      * to proceed with blank `Authorization` header.
      */
     let authorization = '';
-    if (user) {
-        const apiKey = user.apiKey;
-        const accessToken = user.accessToken;
-
-        if (apiKey) {
-            authorization = 'Basic ' + new Buffer(
-                requestor + ':' + apiKey
-            ).toString('base64');
-        } else if (accessToken) {
-            authorization = `Bearer ${accessToken}`;
-        }
+    if (apiKey) {
+        authorization = 'Basic ' + new Buffer(
+            requestor + ':' + apiKey
+        ).toString('base64');
+    } else if (accessToken) {
+        authorization = `Bearer ${accessToken}`;
     }
 
     return fetch(`${getSetting('PLOTLY_URL')}/datacache`, {
@@ -85,13 +81,7 @@ export function newDatacache(payloadJSON, type, requestor) {
 }
 
 export function updateGrid(rows, fid, uids, requestor) {
-    const username = requestor;
-    const users = getSetting('USERS');
-    const user = users.find(
-        u => u.username === username
-    );
-    const apiKey = user.apiKey;
-    const accessToken = user.accessToken;
+    const {username, apiKey, accessToken} = getCredentials(requestor);
 
     // TODO - Test case where no rows are returned.
     if (uids.length !== rows[0].length) {
@@ -129,16 +119,12 @@ export function updateGrid(rows, fid, uids, requestor) {
 
 // Resolve if the requestor has permission to update fid, reject otherwise
 export function checkWritePermissions(fid, requestor) {
-    const owner = fid.split(':')[0];
-    const user = getSetting('USERS').find(
-         u => u.username === requestor
-    );
+    const {username, apiKey, accessToken} = getCredentials(requestor);
 
     // Check if the user even exists
-    if (!user || !(user.apiKey || user.accessToken)) {
+    if (!username || !(apiKey || accessToken)) {
         /*
-         * Heads up - the front end looks for "Unauthenticated" in this
-         * error message. So don't change it!
+         * Warning: The front end looks for "Unauthenticated" in this error message. Don't change it!
          */
         const errorMessage = (
             `Unauthenticated: Attempting to update grid ${fid} but the ` +
@@ -147,7 +133,7 @@ export function checkWritePermissions(fid, requestor) {
         Logger.log(errorMessage, 0);
         throw new Error(errorMessage);
     }
-    const {apiKey, accessToken} = user;
+
     return PlotlyAPIRequest(`grids/${fid}`, {
         username: requestor,
         apiKey,
@@ -166,14 +152,17 @@ export function checkWritePermissions(fid, requestor) {
             return res.json();
         }
     }).then(function(filemeta) {
-        if (filemeta.collaborators &&
+        const owner = fid.split(':')[0];
+
+        if (owner === requestor) {
+            return Promise.resolve();
+        } else if (filemeta.collaborators &&
             filemeta.collaborators.results &&
-            Boolean(filemeta.collaborators.results.find(collab => requestor === collab.username))
+            filemeta.collaborators.results.find(collab => requestor === collab.username)
         ) {
-            return new Promise(function(resolve) {resolve();});
-        } else if (owner === requestor) {
-            return new Promise(function(resolve) {resolve();});
+            return Promise.resolve();
         }
+
         throw new Error('Permission denied');
     });
 }
diff --git a/backend/settings.js b/backend/settings.js
@@ -1,9 +1,11 @@
 import fs from 'fs';
+import os from 'os';
+import path from 'path';
+
 import {concat, contains, has} from 'ramda';
 import YAML from 'yamljs';
+
 import {createStoragePath} from './utils/homeFiles';
-import path from 'path';
-import os from 'os';
 
 const DEFAULT_SETTINGS = {
     HEADLESS: false,
@@ -226,3 +228,8 @@ export function saveSetting(settingName, settingValue) {
      */
     fs.writeFileSync(getSetting('SETTINGS_PATH'), YAML.stringify(settingsOnFile));
 }
+
+// Get user credentials
+export function getCredentials(username) {
+    return getSetting('USERS').find(u => u.username === username) || {};
+}